A Saks Fifth Avenue data breach has left customer information where it can be easily obtained.
The Saks Fifth Avenue website was leaving some customer information in its code without any type of encryption. This include the email addresses of customers and the items codes for products that they had shown an interest in. It also sometimes included the person’s phone number and IP address.
The Saks Fifth Avenue website also doesn’t always use a secure connection, even when users are logged in. This means that personal information could have been stolen by hackers if the customers were on a public Wi-Fi connection.
The lack of security on the Saks Fifth Avenue website was discovered by BuzzFeed News. Robert Graham, the owner of Errata Security, said that this was “as bad as security gets” and that it means “everyone is vulnerable.”
Hudson’s Bay, the parent company of Saks Fifth Avenue, says that it has been working to make the website more secure. The problems of the Saks Fifth Avenue website aren’t present on its other websites, such as those for Gilt and Lord & Taylor.
It’s important to note that there isn’t any evidence that the information left up on the Saks Fifth Avenue website has been used by hackers. However, it still isn’t a bad idea for any customers that were shopping online with the retailer to keep an eye on their bank accounts.
Data breaches have grown in frequency and in scale over the last few years. However, they typically requires hackers to break into a company’s system first. It’s not often that it is the company itself that leaves the information up for anyone to grab.