Brabantia is a Dutch company known for making steel bins, but its database must have been a bit easier to rip into than steel, given that crooks have plucked out customer data tidbits.
The company sent customers a letter, also printed on its site, saying that routine monitoring of database accounts revealed that intruders may have compromised some “consumer details”.
The Register reports that the intrusion happened sometime between Thursday and Friday.
It’s not clear what data the intruders might have grabbed, but Brabantia said that it wasn’t financial. Nor were passwords accessed.
Heck, they don’t even store those nuggets, the company said in their letter:
Brabantia does not receive or store banking numbers, credit card numbers or other financial data. All our payments are handled by an external company that is completely separated from our own systems.
Nonetheless, Brabantia’s relegated all passwords to the trash, meaning that customers have to create new passwords if they want to get into their accounts.
According to The Register, Brabantia says it believes “the potentially vulnerable data is limited to name, email (address), and products ordered”.
We don’t know how intruders got into Brabantia’s database or exactly what they accessed, but we do know that all data that’s considered sensitive or important should be strongly encrypted as a matter of routine when immediate access isn’t required.
Let’s hope that the company who handles Brabantia’s financial data off-site is taking care of it, with good encryption that includes proper salting and hashing.
After all, if intruders can get far inside your network to get at a database, they well might be crooks looking for financial data to sell off to identity thieves and credit card scammers, and they might keep poking around until they find it!
Sophos lists unencrypted files as one of the 7 Deadly IT Sins.
No matter how big or small the breach, and no matter if a company sells clothes, tools or steel bins, reputation and customer loyalty can suffer grievously.
Sophos has resources, including videos and whitepapers, that can help with common security sins.