Fat Face suffers customer and staff data breach
British clothing and accessories retailer Fat Face has revealed it suffered a security breach in January 2021, with some employee and customer information including names, addresses, and some credit card information disclosed.
Customers and staff affected have been informed of the incident. Police, the Information Commissioner's Office, and the National Cyber Security Centre have also been notified of the data breach.
In an email sent to affected customers seen by TheIndustry.fashion, the retailer confirmed that “payment card information cannot be misused for fraudulent transactions, so you do not need to cancel your payment card on this basis,” adding that “no other financial data relating to you was involved in this incident.”
Despite that data breaches are a matter of public record in countries that comply with General Data Protection Regulation (GDPR), customers were initially warned that the email was "strictly private and confidential".
In a statement, the retailer said: "Fat Face was subject to an IT incident and became aware that some of our systems were accessed by an unauthorised third party. Unfortunately, following expert investigation, we now understand that this third party was able to access certain employee and customer related information.
"Following a thorough exercise involving data analysis and categorisation, we are now contacting a select number of employees, former employees and customers and providing appropriate guidance and support.
"Our teams have worked non-stop with third party experts to contain the incident, get our systems operational and minimise the impact. The responsibility we have to our customers and colleagues is our highest priority and we continue to invest in security measures to mitigate the growing range of risks faced by businesses."