HBC tightens security after Saks Fifth Avenue website exposes customer info

Cornelia Mascio
Marzo 20, 2017

Your personal information may be publicly available online if you shopped at Saks Fifth Avenue. This include the email addresses of customers and the items codes for products that they had shown an interest in.

The Saks website is maintained by the digital division of Hudson's Bay Company, its parent company and owner of multiple department store chains such as Lord & Taylor and Gilt.

It reports a Hudson's Bay Company spokesperson says "we take this matter seriously" and that it's "moving quickly and aggressively to resolve the situation".

The company says no credit, payment or password information was exposed.

According to BuzzFeed, the website also served up some pages over unencrypted connections to logged in Saks customers, potentially leaving their data vulnerable for hackers to digitally exploit.

The Canadian retailer is the oldest continually operating business in North America, with roots dating back to a fur trader founded in 1670.

Graham, the cybersecurity professional who reviewed some of the vulnerabilities after being contacted by BuzzFeed News, said they could expose people to further security headaches.

On Saks Fifth Avenue's homepage, a small notification appears in the website bar warning users that the connection is not secure. BuzzFeed adds that the sites have an inconsistent approach to web encryption, protecting certain pages (such as the login page) but not others.

Altre relazioniGrafFiotech

Discuti questo articolo

Segui i nostri GIORNALE