Online clothing brand
Even online retailers get cyber security wrong
Cliquez sur chaque termes pour accéder aux articles correspondants
Case Study
Cyberrisques
2019
It wasn’t a global fashion retailer's trendy outfits a cyber attacker was interested in – it was skimming the financial details of over 100,000 customers. With more than 100 markets impacted, Clyde & Co’s rapid central coordination helped cut the problem down to a size zero.
Even online retailers get cyber security wrong. And when there is an attack the danger of the entire business being paralysed is much higher than old fashioned bricks-and-mortar companies. When this happened to a popular online clothing brand fast fashion came to a grinding halt.
The fashion house, which has a global following, discovered that an attacker had gained access to its systems and stolen a vast amount of customer data (including banking details). In total, it affected over 100,000 customers in over 100 countries across Asia Pacific, the Americas and Europe, Middle East and Africa.
Even online retailers get cyber security wrong
An attacker had gained access to their system and stolen a vast amount of customer data (including banking details)
With a total impact of over 100,000 customers in over 100 countries
When cyber-attacks happen it's our goal to resolve them quickly and mitigate the business interruption as much as possible
With the breach discovered and actual financial harm being caused to a number of customers (through credit cards being skimmed), the company quickly shut down part of its ecommerce platform. Clyde & Co was then brought in to coordinate a global response, working closely with national regulators, as well as identifying all liabilities. It also rapidly notified all affected individuals, so that further misuse of information could be minimized.
The cyber team instructed forensic IT consultants to go into the system and review the incident. These experts were able to trace the signs of malware being present and could determine the extent of data that had likely been taken.
In a parallel process the team worked simultaneously with regulators in over 25 jurisdictions. And although based outside Europe, as it targeted customers in the EU, the company was also subject to the Global Data Protection Regime (GDPR).
The global Clyde & Co team was able to deliver a multi-jurisdictional response, including the timely (within 72 hours) notification of the 28 states that make up the EU.
Helen Bourne, Partner
Helen Bourne, who leads Clyde & Co’s cyber team in the UK, says “We also dealt with the company’s process and payment partners, and other key stakeholders, including its private equity backers.”
The team helped to coordinate a comprehensive response that embraced the whole business, from board level to customer service team, impacted individuals and even the retailer’s owners. With the breach now closed and the system protected, the company was soon able to fully reopen for business.
“When cyber-attacks happen it’s our goal to resolve them quickly and mitigate the business interruption as much as possible,” concludes Helen. “Also, by responding rapidly and transparently in meeting the client’s regulatory obligations we also minimize the instances of subsequent regulatory investigations."
Partner
Partner
Partner
Associé
Associée
Cyber simulations - forewarned is forearmed
Cyber crime doesn’t pay
{{Title}}