Maybe every e-commerce site should assume they were hacked last year

Customers may be singing, “You got mud on your face, you big disgrace” when they receive a breach notification from GlamGlow, the latest business to disclose that it had a breach more than one year ago that they’ve only recently discovered. The notification letter begins:

We recently became aware that an unauthorized party accessed the website and acquired certain personal information of some of our customers. After learning of the issue, we launched an investigation and retained outside experts to help us understand the nature and scope of the issue. Based on the investigation, we believe the incident occurred between September 19 and September 21, 2014 and May 12 and May 15, 2015. The affected information may have included names; addresses; telephone numbers; payment card numbers, expiration dates and security codes; email addresses; and GlamGlow account passwords.

Those notified are being offered one year of services with Equifax Credit WatchTM Gold. In the meantime, check your statements for signs of fraud, and change your passwords if you’ve reused your GlamGlow password anywhere else.

About the author: Dissent

Comments are closed.