iTnews

Aussie fashion e-tailer Princess Polly suffers data breach

By Ry Crozier on Jun 1, 2019 12:02AM
Aussie fashion e-tailer Princess Polly suffers data breach

Card info may have been captured as it was entered into site.

Australian online fashion e-tailer Princess Polly suffered a data breach which may have exposed customers’ personal and payment information to an “unidentified third party”.

The company warned customers in an advisory note to watch their credit or debit card statements closely and to report unusual activity to their bank.

While it did not store payment information on the Princess Polly site, the company said that the attackers may have been able to capture payment details as they were typed into the site.

“When you enter payment information on our site, it is redirected to a payment gateway which means that Princess Polly does not process the payment information and it is not stored by Princess Polly,” it said.

“However, during this incident the third party may have been able to access credit card details while being entered at check-out.”

Princess Polly said that the data breach had been uncovered “recently” and that it impacted customers that shopped on its A/NZ site between 1 November 2018 and 29 April 2019.  

In addition to payment details, the attacker or attackers may also have been able to access billing and shipping name, address, email and phone number, date of birth; and usernames and passwords.

Customers that used alternative payment options did not have their payment information compromised, according to the company.

The e-tailer warned customers to change their passwords and to be vigilant against phishing and other scams that may attempt to make use of stolen information.

“For those customers who made purchases using Afterpay or PayPal, there is no evidence to suggest that your payment information has been affected,” Princess Polly said.

Co-CEO Wez Bryett said that the e-tailer had “appointed external IT and cybersecurity consultants to fully investigate the incident.”

“These experts have confirmed that our website is now secure, including any personal or payment information provided when shopping with Princess Polly,” Bryett said.

“We are extremely sorry that this incident has occurred. At Princess Polly, we have always prided ourselves on doing the best we can for our customers and apologise for any impact this incident has on our customers.

“We take the protection of our customers' data very seriously and have further strengthened our security measures to ensure that our customers' information is secure.”

The e-tailer said that it has now upgraded its payment gateway provider to Braintree, “a PayPal owned company, who meet the highest security standards”.

It said that its US website was not affected by the incident.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
data breachprincess pollyretailitsecurity

Partner Content

DoT Victoria turns to Oracle to implement unified cloud-based platform
Promoted Content DoT Victoria turns to Oracle to implement unified cloud-based platform
The case for postponing mainframe migration has eroded
Partner Content The case for postponing mainframe migration has eroded
Vast majority of surveyed firms still rely on password authentication
Promoted Content Vast majority of surveyed firms still rely on password authentication
5 essential digital transformation ideas
Promoted Content 5 essential digital transformation ideas

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

  • iTnews Benchmark Awards 2022 - Finalist Showcase
  • 11th Annual Fraud Prevention Summit 2022
  • IoT Impact Conference
  • Cyber Security for Government Summit
By Ry Crozier
Jun 1 2019
12:02AM
0 Comments

Related Articles

  • Officeworks stands up its own enterprise identity platform
  • Australian gov data breach numbers slip out of public view
  • Azure misconfiguration exposed ISOC members' info
  • NSW Education had unknown vulnerability in breached system
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Telstra to open its 5G network to wholesale customers

Telstra to open its 5G network to wholesale customers

Macquarie Bank creates a broker portal on Salesforce

Macquarie Bank creates a broker portal on Salesforce

Active Directory defaults lead to no-fix PrivEsc vulnerability

Active Directory defaults lead to no-fix PrivEsc vulnerability

Intel launches new AI chips

Intel launches new AI chips

Digital Nation

Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.