[BreachExchange] FatFace: We’ve Been Hacked. Please Don’t Tell Anyone

Destry Winant destry at riskbasedsecurity.com
Thu Mar 25 10:24:14 EDT 2021


https://www.forbes.com/sites/barrycollins/2021/03/24/fatface-weve-been-hacked-please-dont-tell-anyone/?sh=3951965a71fc

British fashion retailer FatFace has sent customers an email telling them
the company has been hacked - but pleads with them to keep the information
confidential!

The attack has seen customers’ names, email addresses and postal addresses
stolen, as well as partial payment card information, such as the last four
digits of the customer’s credit card number and the card expiry date.

The company says the attack took place more than two months ago, yet has
only today written to customers to inform them of the attack. Despite the
tardy response, the top of the email reads: “Please do keep this email and
the information included within it strictly private and confidential”.

In the email sent to customers, the company says: “On 17 January 2021,
FatFace identified some suspicious activity within its IT systems.

“We immediately launched an investigation with the assistance of
experienced security specialists, who, following thorough investigation,
determined that an unauthorized third party had gained access to certain
systems operated by us during a limited period of time earlier the same
month.”

Customer fury

The email admitting the attack has not gone down well with the retailer’s
customers, many of whom have taken to social media to vent their dismay at
the company’s delayed response and failed attempt to keep the hack under
wraps.

FatFace has been approached for comment on why it asked customers to keep
the matter confidential.

In the email to customers, the company says it took two months to inform
customers because the effort to identify affected customers “was
comprehensive and coordinated by our external security experts; it
therefore took time to thoroughly analyze and categorize the data to ensure
we can provide the most accurate information possible”.