shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: Carter’s

      Jun 11, 2021 3:32:36 PM

      The target: Carter’s, a U.S based retailer of baby clothing and apparel.

      The take: An estimated 410,000 records of personally identifiable information including: full names, physical addresses, email addresses, phone numbers, shipping tracking ID’s, and purchases and transaction details.

      The attack vector: The breach occurred because of the failure to implement authentication controls for the URL shortener used on the site. When a customer made a purchase online, they were redirected to the shortened purchase cart page URL which had no credential management. Furthermore, the links were not set to expire, letting anyone with the URL access the sensitive information at any time for any length of time.

      Any page where customer data is stored should follow industry standard practices be managed with proper credential deployment and security. The exposure of detailed personal information makes a firm’s users extremely vulnerable to phishing attacks and fraud.

      Read more...

      Topics:Know Your Breach

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

      Subscribe to Cyber Updates