10 Jan Online Shop Fails to Assess Severity of Breach Due to Lack of Backups
In a breach notification letter recently sent to California’s Office of the Attorney General, an online beauty product vendor admitted that it is unable to properly assess the extent of security breach that hit its systems as they had failed to keep any backups.
Rea.deeming Beauty Inc., the company behind Beautyblender, said in the letter that a malware that had infected its online shop was responsible for the security incident where the credit card details of some customers were used for fraudulent transactions. The company’s hosting provider found the malware on October 2017, which was confirmed by a third party cyberforensic investigator last November.
Due to the lack of recent backups, the last one being from April 2015, Beautyblender says that it cannot ascertain how long the malware had been on the site. The company is now advising all of its customers to be vigilant of fraud and identity theft.
Source: Bleeping Computer