Uniqlo Hacked, Data From More Than 460,000 Accounts Accessed
Fast Retailing, the Japanese company behind the Uniqlo retail chain, announced this week that the data of more than 460,000 customers on its online shopping sites were accessed by hackers from April 23 to May 10. The breach gave hackers access to customers’ data including their names, addresses and contact details. The company acknowledged that partial credit card information “may have been browsed,” though “there is no possibility of leakage” in credit card security codes. Uniqlo has encouraged its e-commerce customers to set passwords that are unique and not easily guessable, in order to lower the likelihood of hackers accessing accounts successfully.
Total Retail's Take: Data security is of utmost importance and can't be overlooked by retail organizations. Customer trust is paramount to growing a successful retail business today, particularly online. Therefore, retailers must take steps to ensure their customers’ personal data is secure, and that sometimes involves education, which is true in this latest breach involving Uniqlo. This latest data breach should serve as a warning to other retailers.
"This attack is giving hackers new ammunition that they can load into their automation tool kits to target other retail sites," says Matt Keil, director of product marketing, Cequence Security. "If, for example, the username and password were part of the data set that was stolen, then the attackers can count on the fact that 52 percent of users re-use passwords, and an attacker can then load that information into an automation tool and use it to target another retail site.
"An added risk is access to account information gives hackers the ability to takeover the account then steal the value of what's stored within. If the Uniqlo account is holding a credit card for more rapid transactions, or a connection to a payment platform, the attackers can use that access to purchase goods, effectively stealing those goods and impacting both Uniqlo and the users themselves. A third area of risk is access to the customer’s loyalty account or the app in Uniqlo’s case. Attackers can take those points or the discount coupons and use them for their own fraudulent purposes."
