Following last week’s news of a four-year-long breach of Marriott International’s Starwood guest reservation system (one of the largest of all time), KrebsOnSecurity has notified the public of another security threat, this one involving jewelry retailers Jared and Kay. NAFCU continues to call on leaders in Washington to enact a national data security standard to ensure consumers are protected.
According to KrebsOnSecurity, the companies – both owned by Signet Jewelers – had a website vulnerability: when an order confirmation link was modified, a customer could see another customer’s order, including that customer’s name, billing and shipping addresses, items purchased, tracking numbers and the last four digits of the credit card used, among other information.
A web developer who caught the vulnerability and notified Signet and KrebsOnSecurity noted possible ways thieves could use that information either to steal packages or to scam customers for more personal information. Signet says the data-exposure vulnerability has been fixed.
In the wake of the Marriott breach, NAFCU Executive Vice President of Government Affairs and General Counsel Carrie Hunt urged leaders of the Senate Banking and House Financial Services Committees to take action on a national data security standard, and reiterated the principles credit unions would like to see addressed in any comprehensive cyber and data security legislation.