Signet Jewelers, the company that owns Jared and Kay Jewelers, has fixed a massive data breach that allowed anyone to view information about other customers' orders, including a home address and the last four digits of the buyer's credit card, according to a Monday (December 3) report.
The problem came to light in mid-November, when a Dallas web designer named Brandon Sheehy bought a pair of earrings for his girlfriend from Jared online.
Sheehy found that when he changed the link in the confirmation e-mail only slightly and pasted it into a web browser, he could see another customer's order. The information clearly showed the customer's name, shipping and billing address, telephone number, e-mail address, all items and total amounts, the delivery date, the tracking link and the last four digits of the customer's credit card number.
"My first thought was that they could track down a jewelry package on someone's door and take it out of their door," he said. "My second thought was that someone could call Jared's customers and pretend to be Jared, read the last four digits of the customer's card and say that there was a problem with the order, and if they could get a different card for the customer they could do it right away and get the order quickly. It would be a pretty convincing scam, or just targeted phishing attacks."
Sheehy contacted Jared's parent company, Signet Jewelers, to report the problem and ask for it to be resolved, he said, but he could still see the information for weeks.
Scott Lancaster, Signet's chief information security officer, said the company fixed the problem for all future orders but, until recently, had not fixed it for previous orders.
"When a customer first brought this problem to our attention at the beginning of November, we corrected it for all new orders in the future," said Lancaster. "But at the moment we did not realize that this applied to all past orders and future orders."
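The flaw described above is a missing authorization check on the order link: knowing or guessing an order reference was enough to view the order. As an added illustration (not Signet's code; the report does not say how the link was built or how it was fixed), the Python example below puts a lookup keyed only by order number beside one that also requires a per-order HMAC token. The order data, key and function names are assumptions constructed for the example.

```python
import hashlib
import hmac

# Constructed sample data: two orders belonging to different customers.
ORDERS = {
    "1001": {"name": "Customer A", "card_last4": "1111"},
    "1002": {"name": "Customer B", "card_last4": "2222"},
}

# Assumption: a server-side secret that never appears in any link or e-mail.
LINK_KEY = b"example-only-key"


def view_order_weak(order_id):
    """Weak form: the order number in the link is the only thing checked."""
    return ORDERS.get(order_id)


def link_token(order_id):
    """Token the server would embed in the confirmation link (HMAC-SHA256)."""
    return hmac.new(LINK_KEY, order_id.encode(), hashlib.sha256).hexdigest()


def view_order_checked(order_id, token):
    """Corrected form: the token is verified on every lookup, so the check
    covers orders placed before the fix as well as new ones."""
    expected = link_token(order_id).encode()
    supplied = (token or "").encode()
    if not hmac.compare_digest(expected, supplied):
        return None  # wrong or missing token: reveal nothing about the order
    return ORDERS.get(order_id)


if __name__ == "__main__":
    my_token = link_token("1001")  # token from customer A's own e-mail
    # Weak lookup returns customer B's record for an edited order number.
    print("weak, edited id:   ", view_order_weak("1002"))
    # Checked lookup rejects the same edit because the token no longer matches.
    print("checked, edited id:", view_order_checked("1002", my_token))
    print("checked, own id:   ", view_order_checked("1001", my_token))
```

Because the check sits in the lookup itself rather than in how new links are generated, it applies equally to past and future orders, which is the gap Lancaster describes.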