In a statement, the cosmetics firm said: “Avon … after suffering the cyber incident... is planning to restart some of its affected systems in the impacted markets throughout the course of next week. Avon is continuing the investigation to determine the extent of the incident, including potential compromised personal data. Nevertheless, at this point it does not anticipate that credit card details were likely affected, as its main e-commerce website does not store that information.”
Still, cybersecurity experts said it was unacceptable that a database of this size was left exposed with no password protection or encryption. Ed Macnair, CEO of Censornet told Digital Journal that the leaked information provides hackers with everything they need to launch a multitude of sophisticated and targeted attacks.
“As these leaks continue to take place, the onus is on businesses of all sizes to ensure that they have visibility and control over the data of their customers,” said Macnair. “It’s crucial that organizations adopt a multi-layered approach to security and implement the appropriate technologies correctly to keep these databases secure.”