News

Advanced Search

Signet Fixes Data Issue at Kay, Jared

Dec 5, 2018 10:37 AM   By Rapaport News
Comment Comment Email Email Print Print Facebook Facebook Twitter Twitter Share Share


RAPAPORT... Signet Jewelers has repaired a configuration bug on the order pages of subsidiaries Kay and Jared that accidentally exposed the personal information of customers who purchased online.

A Jared customer contacted Signet last month after noting he could see other buyers’ order information by slightly modifying the link in his own confirmation email. The accessible data included names, billing addresses and the last four digits of customers’ credit-card numbers.

The customer then contacted cybersecurity news website Krebs on Security when there was no change in his ability to view others’ data. Signet had, in fact, fixed the problem for all future orders, but it hadn’t solved it for past and current orders, Krebs cited Scott Lancaster, Signet’s chief information security officer, as saying. The jeweler later resolved the data leak for all orders, Lancaster continued.

“In early November, a customer made us aware of a configuration detail associated with the completed-order confirmation page for our e-commerce websites for Kay, Jared and select North American regional banners,” Signet told Rapaport News Tuesday. “The affected order-confirmation page only included information such as name, billing and shipping address, phone number, order details, and last four digits of the credit card used, but did not include sensitive information such as full credit-card numbers, usernames and passwords to accounts, or social-security numbers.”

Online sales have grown over the past year, culminating in the largest US online shopping day of all time on Cyber Monday, which grossed $7.9 billion. Organized retail crime is also climbing, with 92% of companies surveyed by the National Retail Federation stating they had been a victim within the past year. Retailers attributed that increase, in part, to the ease of online fraud, the trade body said last month.

“We are a customer-first company, and when we fall short of expectations, we own it,” Signet added. “While we immediately addressed and fixed this configuration detail for all past, present and future orders, we are continuing to work with multiple third‐party experts to confirm and enhance the security of our e-commerce websites.”

Image: Kay store. (Signet Jewelers)
Tags: Cybersecurity, e-commerce, Jared, kay, Kay Jewelers, online sales, Rapaport News, retail, Signet, Signet Jewelers
Similar Articles
Fossil EVPFossil Group Hires Ex-Pandora Exec
Dec 12, 2018
Fossil Group has appointed former Pandora chief merchandising officer Beth Moeri as executive vice president
Comments: (0)  Add comment Add Comment
Arrange Comments Last to First
© Copyright 1978-2018 by Martin Rapaport. All rights reserved. Index®, RapNet®, Rapaport®, PriceGrid™, Diamonds.Net™, and JNS®; are TradeMarks of Martin Rapaport.
While the information presented is from sources we believe reliable, we do not guarantee the accuracy or validity of any information presented by Rapaport or the views expressed by users of our internet service.