Customers of Kylie Jenner’s make-up company have been warned that their personal data could have been compromised following a data breach at ecommerce platform Shopify.
Blame for the event has been laid at a pair of ‘rogue’ Shopify staff members, who allegedly stole order records from Kylie Cosmetics. The theft is estimated to have targeted at least 100 sellers operating on the Shopify platform.
According to the Canadian e-commerce company, the issue occurred on September 23 and could have exposed the names of customers along with email and postal addresses. Shopify has also identified some customer credit card data as being at risk too, with the last four digits of cards potentially being exposed. However, it claims full payment details were not compromised following the breach.
- Take a look at the best credit card processing service
- Check out the best point of sale systems
- The best tax software around today
Kylie Cosmetics has since launched an investigation into the security issue and said it is working with Shopify to identify any transactions that may have been affected. The company added that it would be getting in contact with any of its customers who might have had their personal information compromised. Shopify is also working with the FBI and other agencies investigating the matter.
Data breach
Kylie Cosmetics has since launched an investigation into the security issue and said it is working with Shopify to identify any transactions that may have been affected.
The company added that it would be getting in contact with any of its customers who might have had their personal information compromised. Shopify is also working with the FBI and other agencies investigating the matter.
"Insider threat is a very real issue that gets little attention," noted Lamar Bailey, senior director of security at Tripwire. "Support engineers are often an entry-level job so it is easier for someone to infiltrate the organization at this level. A bad actor looking to gain company data can easily use a fake identity to secure a job then use this position as a launching point for gathering data to sell on the black market.
"It is imperative that organizations have security controls in place for users, access, and file monitoring to look for employees accessing systems, code, or data they do not need access to. A stance of least privilege for everyone is the best policy. With the current industry skills gap, organizations may not be as diligent validating the background of new employees.”
- Keep your business safe with the best endpoint protection software
