In July 2018, white hat hacker Taylor Ralston discovered a data leak involving Fashion Nexus, a UK-based e-commerce and web design company. This data leak, first reported by security researcher Graham Clueley, exposed the personal data of around 700,000 UK shoppers.
Fashion Nexus has built online stores for a number of famous brands, including AX Paris, Elle Belle Attire, and Traffic People. Ralston was able to access Fashion Nexus' server that stores the personal data of customers who shopped at these websites.
This leak exposed UK shoppers' personally identifiable information, including their names, phone numbers, email addresses, and MD5-hashed passwords. Though the exposed customer records contain personally identifiable information, they do not contain any payment card information or bank account details. This data leak is especially worrying because there's no way of confirming whether or not this data has fallen into the wrong hands.
Occuring just a couple months after the GDPR came into effect, this data leak is a definite act of non-compliance. While the exposed data belongs to the online retailers' customers, it was still Fashion Nexus' job to securely process this data. Whether or not Fashion Nexus will face fines is still up for debate.
ManageEngine EventLog Analyzer helps you audit access to the confidential data stored in your databases, monitor user activity within databases, and secure databases by monitoring them for common attack patterns. It also provides real-time alerts about data leaks and unauthorized access to network resources. With these features and more, EventLog Analyzer helps you comply with the GDPR, and pass other popular compliance audits easily.
Start your free trial of EventLog Analyzer today.
Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.