[3/21/17] Dive Brief:
- Saks Fifth Avenue online customers were subjected to privacy vulnerabilities when their personal information, including email, phone numbers and IP addresses were visible via open WiFi networks, Buzzfeed News reported on Sunday.
- Saks owner Hudson’s Bay Co., which maintains the retailer’s e-commerce site, took the affected pages offline after Buzzfeed inquired about the issue, which potentially affected tens of thousands of shoppers, according to the report.
- Hudson’s Bay acknowledged that some customer data was revealed, but it refuted the proportion of the claims, telling Buzzfeed in a prepared statement: “We want to reassure our customers that no credit, payment or password information was ever exposed. The security of our customers is of utmost priority, and we are moving quickly and aggressively to resolve the situation, which is limited to a low single-digit percentage of email addresses. We have resolved any issue related to customer phone numbers, which was an even smaller percent.”
While the details and resulting impacts of this particular data breach are still unclear, the vulnerability itself is not uncommon for the industry. Retailers experience the most cyberattacks of any industry sector — three times as many as the previous top target, the financial industry — according to information and communications technology firm NTT Group’s 2016 Global Threat Intelligence Report.