794,000 Kiddicare customer details stolen in data breach

Personal details, including names, addresses and telephone numbers, stolen from test website

Parenting retailer Kiddicare has revealed up to 794,000 of its customers have been the subject of a data breach after a testing website was hacked.

The company was made aware of the breach after customers reported suspicious text messages sent to them that did not appear to be from Kiddicare.

Advertisement - Article continues below

An initial internal investigation suggested there had been no breach of its systems, however a security company later informed Kiddicare was a test site in use since 2015 that had been breached, rather than any of its live systems. Further internal investigations confirmed this was the case and that the names, addresses and telephone numbers of real customers had been stolen.

Independent security researcher Graham Cluley said in a blog post: "In principal, there's nothing really wrong with using real production data on a test environment *if* the test site is properly secured and does not make it easier for hackers to steal information than, say, on the normal, live servers. But it shouldn't be forgotten that this was a test site, and things are expected to go wrong.

"Unfortunately, time and time again it's seen that companies can be sloppier about the security of their test sites than their official sites opening opportunities for data thieves and hackers. For that reason it's usually much safer to generate fake data for testing purposes just in case."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Payment information such as credit card and bank details were not included in the breached database, meaning money could not be stolen from customers using the information extracted in the hack. However, criminals could use the data they do have in phishing scams designed to trick targets into handing over financial details.

"We are very sorry for the potential stress and anxiety this incident may have caused our customers," Kiddicare said in a statement.

"We want to reassure everyone that the problem has been fixed, increased security measures have been implemented and we have a dedicated team to here to help with any further concerns."

As a result of the breach, Kiddicare has reported itself to the Information Commissioner's Office (ICO), which will investigate further into how the breach happened.

"This latest breach goes to show how important it is to continually monitor for anomalous activity across the entire breadth of the network," Justin Harvey, CSO at Fidelis Cybersecurity said.

Advertisement - Article continues below

"While it's admirable that Kiddicare has gone straight to the UK's Information Commissioner, it's not good enough that the breach was discovered by customers whose information had not only been lost but already used with bad intentions."

"Once again it's the customers who are feeling the effects of a company's carelessness," Trent Telford, CEO at Covata added. "When websites are in the midst of development things are bound to go wrong, but this latest breach begs the questions why real customer data was used and, critically, why it wasn't encrypted."

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/security/hacking/356478/researchers-detail-tetrade-family-of-brazilian-banking-trojans
hacking

Researchers detail Tetrade family of Brazilian banking trojans

16 Jul 2020
Visit/security/ethical-hacking/356252/poorly-secured-banking-apps-lead-to-cyber-threats
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020
Visit/security/malware/356231/most-malware-came-through-https-connections-in-q1-2020
malware

Most malware came through HTTPS connections in Q1 2020

25 Jun 2020
Visit/security/phishing/356211/phishing-attacks-target-unsuspecting-wells-fargo-customers
phishing

Phishing attacks target unsuspecting Wells Fargo customers

24 Jun 2020

Most Popular

Visit/business-strategy/careers-training/356422/ibm-job-ad-calls-for-12-year-experience-with-6-year-old
Careers & training

IBM job ad calls for 12-years of experience with six-year-old Kubernetes

13 Jul 2020
Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/software/development/356420/linux-kernel-to-strip-out-racially-insensitive-terms
Development

Linux kernel to strip out racially insensitive terms

13 Jul 2020