British cybersecurity blogger Graham Cluley has reported that customers of a number of UK clothing and accessories websites have had their personal information exposed following a security breach at an IT services provider that they were sharing.
Brands such as Jaded London, AX Paris, Elle Belle Attire, Perfect Handbags, DLSB, and Traffic People entrusted web development and e-Commerce company Fashion Nexus to help them build an online store.
In all, the exposed information contains personal information of approximately 1.4 million users, including MD5-hashed passwords, names, email addresses, phone numbers, and other data. There is no indication that payment card information was put at risk.
Commenting on this, Ryan Wilk, vice president at NuData Security, a Mastercard company, said “Although payment data was not exposed, the personally identifiable information accessed can easily fuel synthetic identity fraud and identity theft.
With these types of fraud, personally identifiable information such as name, address, or date of birth is traded on the dark web to steal a real identity or construct an entirely new fraudulent one for theft. NuData has seen a 100% increase in purchase attempts with flagged – suspicious – credit cards, which are often used under a fake account that has been created with stolen information.
This is why retailers, e-Commerce organisations, banks, and financial institutions are layering in multi-layered security strategies using passive biometrics and behavioural analytics. These technologies can identify and protect companies against fake accounts created with stolen information using automation.”
