Shopify data breach hits Kylie Jenner make-up firm

News
By
published

Data breach results in compromised Kylie Cosmetics customer details including emails and credit card numbers

(Image credit: Shutterstock.com / melissamn)

Customers of Kylie Jenner’s make-up company have been warned that their personal data could have been compromised following a data breach at ecommerce platform Shopify

Blame for the event has been laid at a pair of ‘rogue’ Shopify staff members, who allegedly stole order records from Kylie Cosmetics. The theft is estimated to have targeted at least 100 sellers operating on the Shopify platform.

According to the Canadian e-commerce company, the issue occurred on September 23 and could have exposed the names of customers along with email and postal addresses. Shopify has also identified some customer credit card data as being at risk too, with the last four digits of cards potentially being exposed. However, it claims full payment details were not compromised following the breach.

Kylie Cosmetics has since launched an investigation into the security issue and said it is working with Shopify to identify any transactions that may have been affected. The company added that it would be getting in contact with any of its customers who might have had their personal information compromised. Shopify is also working with the FBI and other agencies investigating the matter.

Data breach

Kylie Cosmetics has since launched an investigation into the security issue and said it is working with Shopify to identify any transactions that may have been affected. 

The company added that it would be getting in contact with any of its customers who might have had their personal information compromised. Shopify is also working with the FBI and other agencies investigating the matter.

"Insider threat is a very real issue that gets little attention," noted Lamar Bailey, senior director of security at Tripwire. "Support engineers are often an entry-level job so it is easier for someone to infiltrate the organization at this level. A bad actor looking to gain company data can easily use a fake identity to secure a job then use this position as a launching point for gathering data to sell on the black market.

"It is imperative that organizations have security controls in place for users, access, and file monitoring to look for employees accessing systems, code, or data they do not need access to. A stance of least privilege for everyone is the best policy. With the current industry skills gap, organizations may not be as diligent validating the background of new employees.”

Rob Clymo
Rob Clymo

Rob Clymo has been a tech journalist for more years than he can actually remember, having started out in the wacky world of print magazines before discovering the power of the internet. Since he's been all-digital he has run the Innovation channel during a few years at Microsoft as well as turning out regular news, reviews, features and other content for the likes of TechRadar, TechRadar Pro, Tom's Guide, Fit&Well, Gizmodo, Shortlist, Automotive Interiors World, Automotive Testing Technology International, Future of Transportation and Electric & Hybrid Vehicle Technology International. In the rare moments he's not working he's usually out and about on one of numerous e-bikes in his collection.

More about security
healthcare

Over a million clinical records exposed in data breach
QR Code

Hackers are targeting Signal with new QR code-linked cyberattack
Fiio FT7 headphones on a shelf, showing the grille

My favorite affordable audiophile brand just launch new flagship wired headphones – though these ones are pushing the 'affordable' part
See more latest