
Industry News: ESG5

      Know Your Breach: Halfords

      Jun 30, 2022 3:43:22 PM

      The Target: Halfords, a U.K.-based automobile maintenance service.

      The Take: Exposure of Personally Identifiable Information of current and past customers, including telephone number, car details, and physical address.

      The Vector: The firm’s automated confirmation email, which contained an order-tracking URL with the order ID in the address. By incrementing the ID number, orders belonging to other customers could be freely accessed and viewed.

      The breach is a critical reminder of the importance of credential management and authentication around points of access that expose customer data. The information stored in customer records is especially sensitive, as the exposed details can greatly aid malicious actors in crafting highly targeted and effective spear-phishing campaigns. All points of access to sensitive data should be appropriately locked down, minimizing unnecessary and dangerous exposure of customer information.
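
The pattern described under The Vector, shown beside one way to lock it down, as an added example that is not Halfords' code or its actual fix: the emailed link carries an HMAC tag bound to the order ID, so changing the ID invalidates the link. The host, path, parameter names and sample orders are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

# Constructed sample data: sequential order IDs, as in the incident described above.
ORDERS = {
    1001: {"phone": "07000 000001", "car": "Ford Fiesta", "address": "1 Example Road"},
    1002: {"phone": "07000 000002", "car": "Vauxhall Corsa", "address": "2 Example Road"},
}

# Server-side secret; generated per process here, a real service loads it from a secret store.
LINK_KEY = secrets.token_bytes(32)


def track_order_vulnerable(url):
    """Weak pattern: the order ID in the URL is the only thing checked."""
    order_id = int(parse_qs(urlparse(url).query)["id"][0])
    return ORDERS.get(order_id)


def _tag(order_id):
    """HMAC-SHA256 over the order ID, so a link is valid for one order only."""
    return hmac.new(LINK_KEY, str(order_id).encode(), hashlib.sha256).hexdigest()


def make_tracking_link(order_id):
    """Link placed in the confirmation email (hypothetical host and path)."""
    return f"https://shop.example/track?id={order_id}&t={_tag(order_id)}"


def track_order(url):
    """Hardened pattern: refuse the request unless the tag matches this order ID."""
    query = parse_qs(urlparse(url).query)
    try:
        order_id = int(query["id"][0])
        supplied = query["t"][0]
    except (KeyError, ValueError):
        return None  # missing or malformed parameters
    # Constant-time comparison on bytes; a changed ID yields a different expected tag.
    if not hmac.compare_digest(supplied.encode(), _tag(order_id).encode()):
        return None
    return ORDERS.get(order_id)
```

A signed link is still a bearer credential for whoever holds the email, so pages that show address or phone data should also require the customer's login and check that the order belongs to that account.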
