Dive Brief:
-
Fast Retailing, parent company of brands including Uniqlo, GU, Theory and J Brand, announced on Monday that customer accounts on the Uniqlo Japan and GU Japan online stores were accessed by hackers, according to a company press release.
-
Fast Retailing detailed that 461,091 unauthorized logins occurred between April 23 and May 10, per the release. The company filed a report about the incident with the Tokyo Metropolitan Police.
-
Customer data that was potentially accessed includes first and last name, address, phone or mobile number, email address, gender, date of birth, purchase history, clothing measurements and partial credit card information. The company said that it identified the origin of the cyberattack, disabled user passwords and notified people that were impacted. It also pledged to strengthen its own security measures.
Dive Insight:
Data security is an ongoing concern for both consumers and retailers. And one that despite awareness and public reports of breaches continues to strike retailers in all categories.
One of the largest breaches in recent history occurred when Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores had an attack on their point-of-sale systems, which led to 5 million stolen credit and debit card numbers. At the time parent company to all three brands, HBC, framed it as a "data security issue," while security research firm Gemini Advisory described it as "amongst the biggest and most damaging to ever hit retail companies."
Additionally, last summer Adidas experienced a data hack of its e-commerce site that impacted millions of customers. Compromised records included contact information, usernames and encrypted passwords.
As a response to its current hack, Fast Retailing encouraged all customers to change their passwords and, as added safety measures, to avoid employing easily guessed passwords and to adopt different logins from those utilized with other websites. While those methods are generally recognized as best practices to secure online information, it doesn't address larger issues of companies' continued need for vigilance when it comes to data security.
"While it's important that individual web users have strong, secure logins, the onus is on the businesses to detect and block malicious bot traffic before large-scale password hacks can occur," Rami Essaid, co-founder of bot mitigation company Distil Networks, said in comments emailed to Retail Dive.
