In early September, Yves Rocher warned about a data leak affecting millions of its customers. The cause of the breach was an exposed database left by a third-party vendor.
Why It Happened?
A server owned by Aliznet (which serves IBM, Salesforce, Sephora and Louboutin) hosted an exposed Yves Rocher database containing the PII of millions of customers. Researchers could access the data of 2.5 million customers and 6 million order details. The exposure also revealed the company’s deals, discounts, customer retention strategies and product composition. It is highly likely that their customers will be targeted by competing brands, which could result in customer loss.
What Can You Learn?
The above attack used various loopholes at various stages, and we can draw a few mitigation steps from it:
- Digital footprint analysis can help one discover areas of possible vulnerability, so that the threats with the highest potential loss can be secured first.
- Third-party security measures make sure that any vulnerability doesn’t affect one’s own customers.
- PII regulations within the company ensure careful distribution of PII, with collection of PII restricted to cases where it is absolutely necessary.