J. Press notifies online customers of database compromise
J. Press, a company that sells clothes online for students at Ivy League colleges, has notified the New Hampshire Attorney General’s Office that its web site, jpressonline.com, was compromised on or about January 5.
The intrusion reportedly resulted in access to and/or acquisition of customer names, addresses, order information and credit card information for orders placed between January 5 and January 10. When the company learned of the breach, the ordering feature was disabled while they changed the password to access customer data stored by their web hosting service.
At the time of the notification to the state, the company had not yet secured the services of a forensic investigator, so the scope of the breach isn’t quite clear (nor the adequacy of their response), but the company reports that only one New Hampshire resident was affected.
Somewhat surprisingly, J. Press did not offer affected customers any free services. Are we saying a reversal in the trend to offer customers free credit monitoring services, if only as a measure of good will and to prevent disaffection?