Digital Identity, Security & Online Fraud

Tommy Hilfiger Japan breach exposes hundreds of thousands of customers' data

Wednesday 1 May 2019 | 09:13 AM CET

Safety Detective has revealed a security breach in the Tommy Hilfiger Japan client database, exposing personal details of hundreds of thousands of customers.

Tommy Hilfiger’s Japanese website, which has received nearly one million visits so far in 2019, runs on an open Elasticsearch server that was not intended to be reachable by URL. With minimal manipulation, however, the Safety Detective research team was able to find a gaping security oversight that exposed the customer database.

The unsecured database provided easy access to the personal details of hundreds of thousands of customers in Japan, including first and last names, addresses, phone numbers, email addresses, dates of birth, last purchase dates, total orders made, and membership numbers. The unencrypted information, stretching as far back as 2014, was accessible without a password, leaving the sensitive data completely unprotected.

In addition to the extensive customer information, details on millions of orders were also accessible, including product descriptions, prices, pictures, sizes, SKUs, and manufacturing dates, as well as nationwide store locators complete with phone numbers, addresses, and more.

The Safety Detective team spoke to the Senior Vice President of Security at PVH, the parent company of Tommy Hilfiger (as well as Calvin Klein, Van Heusen, IZOD, ARROW, Speedo, Warner’s, and Olga), who acted quickly after receiving the disclosure to shut down the affected servers.
