British fashion retailer FatFace has been hacked.
Whoops! I said it. Sorry.
I’m not sure FatFace wanted anyone to talk about it, so maybe I shouldn’t have mentioned it.
Because its email notification to breached customers starts like this:
“Strictly private and confidential”
Let’s read a little further:
“Please do keep this email and the information included within it strictly private and confidential.”
What a shame FatFace hadn’t been quite so cautious about the privacy and confidentiality of its customers, eh?
An unspecified number of them have had their names, email addresses, address details, and partial payment card details (last four digits and expiry date) compromised.
FatFace discovered suspicious activity on its network on January 7 2021, and says it quickly put things right.
However, it has taken FatFace over two months to tell its affected customers.
FatFace tries to explain away the delay by saying it has taken time to “clearly identify who was (and was not) involved in this incident and to identify precisely what information was involved”.
“This identification effort was comprehensive and coordinated by our external security experts; it therefore took time to thoroughly analyse and categorise the data to ensure we can provide the most accurate information possible.”
This is the reason FatFace gives for not raising the alarm earlier. This is the reason why people who continued to shop on FatFace’s website after the hack was discovered were not informed that there had been a security breach. It’s definitely not because FatFace was worried that it might put some people off shopping with them.
Well, never mind. I’m sure other potential customers will be comforted by the thought that FatFace wanted customers who had had their personal details stolen by hackers to keep it secret, and not talk about it to anyone.
FatFace says, in the email that it would rather no-one talked about, that “FatFace is a safe place to shop, both in store (when we can reopen our shops) and online.”
Unsurprisingly, some customers have taken their disappointment with the way FatFace has communicated the hack public, posting on social media.
But yeah, FatFace would rather if you just took it to a private DM instead…
Further reading: FatFace pays out $2 million to Conti ransomware gang
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.