Signet Fixes Data Issue at Retail Brands

By Rapaport News / December 05, 2018 / www.diamonds.net / Article Link

RAPAPORT... Signet Jewelers has repaired a configuration bug on theorder pages of subsidiaries Kay and Jared that accidentally exposed the personalinformation of customers who purchased online. A Jared customer contacted Signet last month after noting hecould see other buyers' order information by slightly modifying the link in hisown confirmation email. The accessible data included names, billing addressesand the last four digits of customers' credit-card numbers. The customer then contacted cybersecurity news website Krebson Security when there was no change in his ability to view others' data. Signethad, in fact, fixed the problem for all future orders, but ithadn't solved it for past and current orders, Krebs cited Scott Lancaster, Signet'schief information security officer, as saying. The jeweler later resolved thedata leak for all orders, Lancaster continued. "In early November, a customer made us aware of aconfiguration detail associated with the completed-order confirmation page forour e-commerce websites for Kay, Jared and select North American regional banners,"Signet told Rapaport News Tuesday. "The affected order-confirmation pageonly included information such as name, billing and shipping address, phonenumber, order details, and last four digits of the credit card used, but didnot include sensitive information such as full credit-card numbers, usernamesand passwords to accounts, or social-security numbers." Online sales have grown over the past year, culminatingin the largest US online shopping day of all time on Cyber Monday, whichgrossed $7.9 billion. Organized retail crime is also climbing, with 92% ofcompanies surveyed by the National Retail Federation stating they had been avictim within the past year. Retailers attributed that increase, in part, tothe ease of online fraud, the trade body said last month. "We are a customer-first company, and when we fall short ofexpectations, we own it," Signet added. "While we immediately addressed andfixed this configuration detail for all past, present and future orders, we arecontinuing to work with multiple thirdparty experts to confirm and enhance thesecurity of our e-commerce websites."Image: Kay store. (Signet Jewelers)