Tag Archive for: retailer

FTC Orders Online Retailer CafePress to Improve Security After 2019 Hack


The Federal Trade Commission on Friday ordered online retailer CafePress to strengthen its security measures and pay a $500,000 fine as part of a settlement over a 2019 breach affecting millions of customers’ personal data.

The final order mandates that the e-commerce site minimize its data collection, encrypt users’ Social Security numbers and institute multifactor authentication measures. The company also will have to undergo independent security audits every other year.

The settlement reflects how the agency under Chair Lina Khan has pushed prescriptive measures to curtail alleged data-privacy abuses and security lapses. The Biden appointee has promised to take a more aggressive approach to such issues as part of an expansive regulatory agenda.

The CafePress settlement stems from a February 2019 incident in which a hacker accessed data from the online retailer’s computer systems. The breached information included more than 20 million customer emails and passwords with allegedly inadequate encryption, as well as 180,000 Social Security numbers stored in plain text. The FTC alleged that the e-commerce site failed to implement reasonable security protections, retained data longer than necessary and didn’t properly investigate the breach.

The order, finalized Friday, will cover CafePress for the next 20 years, requiring the e-commerce site to also report future cyber incidents to the FTC.

CafePress didn’t admit to wrongdoing as part of the settlement. A representative for PlanetArt LLC, which owns the online retailer, didn’t respond to a request for comment.

Approved unanimously by FTC’s five commissioners, the order comes as the agency’s new Democratic…

The Works hit by hackers, UK retailer shuts some stores after problems with payment tills


UK high street retailer The Works has shut some of its stores following a “cyber security incident” which saw hackers gain unauthorised access to its systems.

According to a statement issued by the firm, which has over 500 stores across the country selling a range of cut-price books, art and craft materials, gifts, and stationery, the attack has caused issues with payment tills which have forced the closure of some stores:

There has been some limited disruption to trading and business operations, including the closure of some stores due to till issues. Replenishment deliveries to the Group’s stores were suspended temporarily and the normal delivery window for the fulfilment of online orders was extended, but store deliveries are expected to resume imminently and the normal online service levels are progressively being reintroduced.

While customers are experiencing longer delivery times for online orders, some stores are reported to only be accepting cash.

According to the retailer, customers have not had their payment card details exposed as a result of the security breach:

“All debit and credit card payment data are processed securely outside the group’s systems, via accredited third-party networks, and, therefore, there is no risk that this payment data has been accessed improperly.”

The Works says that it was “alerted to the incident by the operation of its security firewall,” and has disabled all internal and external access to its systems – including email – while it investigates the hack with an external team of cybersecurity experts.

In its statement, The Works has not confirmed that it suffered a ransomware attack and there is no indication that it has received a demand for cash from its attackers.

However, some media outlets are claiming that sources close to the incident are saying that computer systems were hit with ransomware after an employee fell victim to a malicious email.

The Works says that it has “made some immediate protective changes to further strengthen its security position,” and has informed the Information Commissioner’s Office (ICO) in case any customer data might have been exposed by the breach.

Maintaining Retailer Cybersecurity During Peak Holiday Shopping Season


Each year, retailers eagerly look forward to Black Friday, Cyber Monday, and the start of the holiday shopping season. And for good reason, since these few short days account for 20-30% of annual sales. In 2019, the weekend generated $7.4 billion in online sales and consumers spent $11 million per minute at the peak of online activity.

Cybercriminals look forward to the holiday season no less avidly. After all, more transactions means more opportunities for cyber thievery.

Retailers are a favored target of cybercriminals because they have personal information, including credit card information, for millions of people. That data is a treasure trove that can be readily sold or exploited by hackers.

Supply Chain Vulnerabilities

Retailers, of course, aim to provide as frictionless an experience as possible for their customers, based on the understanding that an easier purchase process makes it more likely that customers will buy – and return to buy more. This often means storing lots of sensitive customer information, including credit card information, to make shopping more convenient. It also increasingly means depending on technology solutions from a growing number of third-party vendors. According to one survey, companies allow 89 vendors, on average, to access their networks.

Supply chain vulnerabilities have led to major data breaches for retailers. Examples include:

  • . Cybercriminals made off with credit or debit card information for 40 million accounts in an attack that was routed through the company’s HVAC vendor.
  • Home Depot. Accessing the Home Depot network via a third-party vendor, attackers installed malware that enabled them to steal information for 56 million credit/debit card accounts.
  • Under Armour. 150 million accounts were compromised by an attack that came through the MyFitnessPal app, which Under Armour had acquired.
  • Saks, Lord & Taylor. Five million credit and debit card accounts were compromised by an attack via a cash register system vendor.

According to a report from IBM, the average cost of a data breach in the United States in 2020 was over $8 million. In some cases, such as if the breach results in a violation of European data privacy laws and triggers massive…

Taylor Swift Changes Artwork For New Album, Merch After Online Retailer Complains Of Similarities

If ever there were an artist who seems to straddle the line of aggressive intellectual property enforcement, that artist must surely be Taylor Swift. While Swift has herself been subject to silly copyright lawsuits, she has also been quite aggressive and threatening on matters of intellectual property and defamation when it comes to attacking journalists and even her own fans over trademark rights. So, Taylor Swift is, among other things, both the perpetrator and the victim of expansive permission culture.

You would think someone this steeped in these concerns would be quite cautious about stepping on the rights of others. And, yet, it appears that some of the iconography for Swift’s forthcoming album and merchandise was fairly callous about those rights for others.

Amira Rasool, founder of the online retailer The Folklore, accused the pop star last week of selling merchandise that ripped off the logo of her company, which sells apparel, accessories and other products by designers in Africa and the diaspora.

Rasool shared photos on Twitter and Instagram that showed cardigans and sweatshirts with the words “The Folklore Album” for sale on Swift’s website.

This morning, it came to my attention that musician #TaylorSwift is selling merchandise to go along with her new album ‘Folklore’. She is currently selling merchandise with the words “The Folklore” printed on them. Based on the similarities of the design, I believe the designer of the merch ripped off my company’s logo. I am sharing my story to bring light to the trend of large companies/celebrities copying the work of small minority-owned business owners. I am not going to let this blatant theft go unchecked. Please tag @diet_prada and @thefashionlaw under the post and share this on Twitter and IGz #TheRealFolklore #TheFolklore Original logo designed by @cainecasket

A post shared by Amira Rasool (@amirarasool) on

Are those logos confusingly similar? Given the shared brand name… yeah, probably! While not exactly the same, particularly given the font and style choices, the overall placement of the words in each logo is similar enough that I can see a valid trademark issue here.

Now, let’s be super clear about a couple of things. First, Swift has changed the logo after Rasool’s complaint. She also reached out to Rasool and commended her organization and appears to have made a contribution to it as well. Rasool herself has responded appreciatively and has said the matter is closed. A monster Taylor Swift is not.

But that isn’t really the point. In many instances, this is how trademark infringement issues happen. I have seen nothing to suggest that Swift’s team knew of Rasool’s organization and blatantly ripped off her logo. Maybe they did, maybe they didn’t. But it’s not tough to picture how this could have happened relatively innocently. And that immediately brings to mind the following question: would Swift have offered the same grace to the targets of her own enforcement as did Rasool? Given how aggressive she’s been in trying to trademark all the things and then going after her own fans as a result, it seems doubtful.

But maybe this is the learning opportunity she needs. I won’t hold my breath.

Techdirt.