Yves Rocher: a data leak exposing customers' personal information
Following a security breach at Launay, a supplier to the Yves Rocher cosmetics group, the latter saw personal information related to its customers disclosed on the internet.
But it was brought to our attention that the vulnerability was corrected and the information was brought to safety.
This article will also interest you: Airbus, victim of repeated computer attack
This kind of scenario is not at all an isolated fact. One usually sees large groups, especially French, are usually attacking through the provider. Not so long ago, airbus was on display here. In our case, the consulting company, called Aliznet, inadvertently let personal information of the French group's customers escape the Internet for a few hours before making up for its mistake. Enough time that allowed an Israeli cybersecurity company "vpMentor" to determine the flaw that caused it.
The Israeli computer security company first demonstrated that there was an opportunity to easily access the data of approximately 2.5 million customers, particularly Canadian nationals. Among the data that were exposed were names, phone numbers, emails and dates of birth. The Israeli firm still managed to access order lists in particular, one that had 6 million orders produced on the French group's website, with quotes and delivery dates. After such a technical audit, the French group concluded: "It turns out that contrary to what was announced in the press by the cybersecurity company that discovered this flaw, all the data contained in this database were fictitious data created to carry out a test. The fact that some common names in Canada, created in this test base, corresponded to client names is purely coincidental."
The company France also confirmed no bank data was stolen. Neither phone number for that matter. At the moment we don't know if any pirates computers were able to take advantage of the flaw. But an investigation is still ongoing to determine the extent of this leak.
none subcontractor on the French group's side has not yet presented any flaws Similar. So we can say that this is an isolated case. However, what will be the sanction imposed on Yves Rocher. Indeed, my personal data well and truly leaked. For its part, the National Commission on Computer Science and freedoms you have not yet made a statement. One wonders be his reaction to such a blunder. Who will be blamed? the subcontractor or the French group.
It should be noted that data that has escaped the vigilance of subcontractors can identify certain customers, with accurate information about their home and identity. One wonders what steps have been taken for their safety.
Now access an unlimited number of passwords: