Hackers may have obtained North Face customer data

Vertical outdoor apparel retailer The North Face is alerting online account holders of a “credential stuffing” attack on its e-commerce site. In credential stuffing, hackers automatically try to log into consumers’ accounts on different sites by using password data from another site. Consumers who reuse passwords for more than one site are left vulnerable to unauthorized access.

Infosecurity excerpted an email The North Face sent to potentially affected customers, which said in part, “Based on our investigation, we believe that the attacker obtained your email address and password from another source and may have accessed the information stored on your account at thenorthface.com.”

The email lists possible pieces of exposed information as including first and last name, birthday, telephone number, products purchased and/or saved to “favorites,” billing and shipping address(es), customer loyalty point data, and email preferences. The North Face tokenizes customer payment card data, making it inaccessible in this type of security breach, but has deleted all tokenized information from its site since the attack.

The retailer also reportedly limited site log-ins from what it deems “suspicious” sources and deleted any user passwords which may have been compromised in the attack. Customers will have to re-enter payment card data and create new passwords – The North Face is advising them to not re-use any password from a different site.

In addition, The North Face reportedly notified the California attorney general’s office (the retailer is based in Alameda, Calif.) of a “brute force” attack being launched against its e-commerce site during the period of Thursday, Oct. 8 – Friday, Oct. 9.

Mike Puglia, chief strategy officer at IT management software provider Kaseya, advises online retailers to maintain payment card compliance by implementing corporate cybersecurity standards.

“First and foremost, retailers must ensure they are complying with the Payment Card Industry Data Security Standard (PCI DSS),” said Puglia. “Compliance with these standards helps retailers protect payment card data by restricting physical and digital business access to cardholder data and requiring multi-factor authentication for all non-console administrative access.”

Ruston Miles, founder and advisor of payment/data security technology vendor Bluefin, said defensive measures like encryption and tokenization of sensitive data can also prove valuable in fighting cyberfraud.

“Retailers need to operate under the assumption that every wall has its gaps,” said Miles. “Eventually, a hacker will break through and unless you’ve made your data useless to hackers, a compromise is likely to occur.”


This article originally appeared in ChainStoreAge.
