
Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

by Justin Rowell
29.09.2022

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.

Last week, KrebsOnSecurity heard from a reader who was browsing Zales.com and suddenly found they were looking at someone else’s order information on the website, including their name, billing address, shipping address, phone number, email address, items and total amount purchased, delivery date, tracking link, and the last four digits of the customer’s credit card number.

The reader noticed that the link for the order information she’d stumbled on included a lengthy numeric combination that — when altered — would produce yet another customer’s order information.

When the reader failed to get an immediate response from Signet, KrebsOnSecurity contacted the company. In a written response, Signet said, “A concern was brought to our attention by an IT professional. We addressed it swiftly, and upon review we found no misuse or negative impact to any systems or customer data.”

Their statement continues:

“As a business principle we make consumer information protection the highest priority, and proactively initiate independent and industry-leading security testing. As a result, we exceed industry benchmarks on data protection maturity. We always appreciate it when consumers reach out to us with feedback, and have committed to further our efforts on data protection maturity.”

When Signet fixed similar weaknesses with its Jared and Kay websites back in 2018, the reader who found and reported that data exposure said his mind quickly turned to the various ways crooks might exploit access to customer order information.

“My first thought was they could track a package of jewelry to someone’s door and swipe it off their doorstep,” said Brandon Sheehy, a Dallas-based Web developer. “My second thought was that someone could call Jared’s customers and pretend to be Jared, reading the last four digits of the customer’s card and saying there’d been a problem with the order, and if they could get a different card for the customer they could run it right away and get the order out quickly. That would be a pretty convincing scam. Or just targeted phishing attacks.”

In the grand scheme of many other, far more horrible things going on in information security right now, this Zales customer data exposure is small potatoes. And this type of data exposure is unbelievably common today: KrebsOnSecurity could probably run one story each day for several months just based on examples I’ve seen at dozens of other places online.

But I do think one key reason we continue to see companies make these easily avoidable mistakes with their customer data is that there are hardly ever any real consequences for organizations that fail to take more care. Meanwhile, their customers’ data is free to be hoovered up by anyone or anything that cares to look for it.

“Being a Web developer, the only thing I can chalk this up to is complete incompetence, and being very lazy and indifferent to your customers’ data,” Sheehy said. “This isn’t novel stuff, it’s basic Web site security.”
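The class of flaw described above, where changing the number in an order link returns another customer's order, comes down to a missing authorization check on the lookup. The following is an added example, not code from Signet, Zales or KrebsOnSecurity: it shows an unchecked lookup beside two hardened forms, one for logged-in users and one for emailed guest links. The order records, function names and signing key are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: sequential numeric order IDs, as in the article.
ORDERS = {
    1000481: {"owner": "alice", "ship_to": "1 Example St", "card_last4": "4242"},
    1000482: {"owner": "bob", "ship_to": "2 Sample Ave", "card_last4": "1881"},
}
LINK_KEY = b"constructed-demo-key"  # placeholder; a real key lives in a secret store


def get_order_vulnerable(order_id):
    """Unchecked lookup: the ID in the URL is the only 'credential'."""
    return ORDERS.get(order_id)


def get_order_for_user(session_user, order_id):
    """Logged-in path: return the order only if the session user owns it."""
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != session_user:
        return None  # same answer for 'missing' and 'not yours'
    return order


def sign_order_link(order_id):
    """Tag appended to emailed links so guests can view one specific order."""
    return hmac.new(LINK_KEY, str(order_id).encode(), hashlib.sha256).hexdigest()


def get_order_by_link(order_id, tag):
    """Guest path: the tag must have been issued for this exact order ID."""
    expected = sign_order_link(order_id).encode()
    if not hmac.compare_digest(expected, tag.encode()):
        return None  # altered ID or forged tag
    return ORDERS.get(order_id)
```

Returning the same result for "no such order" and "not your order" also keeps the endpoint from confirming which order numbers exist.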

