Happi Staff08.02.20
Hopefully, Natura has a better handle on data security. The Brazilian cosmetics maker is in the process of acquiring Avon, but now it has a tech headache on its hands. In June, Avon disclosed to the US Securities and Exchange Commission that a misconfigured cloud server leaked 19 million records. The exposed data included personal information and technical logs.
In a statement, the cosmetics firm said: “Avon … after suffering the cyber incident... is planning to restart some of its affected systems in the impacted markets throughout the course of next week. Avon is continuing the investigation to determine the extent of the incident, including potential compromised personal data. Nevertheless, at this point it does not anticipate that credit card details were likely affected, as its main e-commerce website does not store that information.”
Still, cybersecurity experts said it was unacceptable that a database of this size was left exposed with no password protection or encryption. Ed Macnair, CEO of Censornet told Digital Journal that the leaked information provides hackers with everything they need to launch a multitude of sophisticated and targeted attacks.
“As these leaks continue to take place, the onus is on businesses of all sizes to ensure that they have visibility and control over the data of their customers,” said Macnair. “It’s crucial that organizations adopt a multi-layered approach to security and implement the appropriate technologies correctly to keep these databases secure.”
In a statement, the cosmetics firm said: “Avon … after suffering the cyber incident... is planning to restart some of its affected systems in the impacted markets throughout the course of next week. Avon is continuing the investigation to determine the extent of the incident, including potential compromised personal data. Nevertheless, at this point it does not anticipate that credit card details were likely affected, as its main e-commerce website does not store that information.”
Still, cybersecurity experts said it was unacceptable that a database of this size was left exposed with no password protection or encryption. Ed Macnair, CEO of Censornet told Digital Journal that the leaked information provides hackers with everything they need to launch a multitude of sophisticated and targeted attacks.
“As these leaks continue to take place, the onus is on businesses of all sizes to ensure that they have visibility and control over the data of their customers,” said Macnair. “It’s crucial that organizations adopt a multi-layered approach to security and implement the appropriate technologies correctly to keep these databases secure.”