Rapaport News




Advanced search
Latest Articles
Rough Markets
Polished Markets

Signet Fixes Data Issue at Kay, Jared

Configuration problem left some customers’ personal information exposed.
Dec 5, 2018 10:37 AM   By Rapaport News
Print Print Facebook Facebook Twitter Twitter Share Share

RAPAPORT... Signet Jewelers has repaired a configuration bug on the order pages of subsidiaries Kay and Jared that accidentally exposed the personal information of customers who purchased online.

A Jared customer contacted Signet last month after noting he could see other buyers’ order information by slightly modifying the link in his own confirmation email. The accessible data included names, billing addresses and the last four digits of customers’ credit-card numbers.

The customer then contacted cybersecurity news website Krebs on Security when there was no change in his ability to view others’ data. Signet had, in fact, fixed the problem for all future orders, but it hadn’t solved it for past and current orders, Krebs cited Scott Lancaster, Signet’s chief information security officer, as saying. The jeweler later resolved the data leak for all orders, Lancaster continued.

“In early November, a customer made us aware of a configuration detail associated with the completed-order confirmation page for our e-commerce websites for Kay, Jared and select North American regional banners,” Signet told Rapaport News Tuesday. “The affected order-confirmation page only included information such as name, billing and shipping address, phone number, order details, and last four digits of the credit card used, but did not include sensitive information such as full credit-card numbers, usernames and passwords to accounts, or social-security numbers.”

Online sales have grown over the past year, culminating in the largest US online shopping day of all time on Cyber Monday, which grossed $7.9 billion. Organized retail crime is also climbing, with 92% of companies surveyed by the National Retail Federation stating they had been a victim within the past year. Retailers attributed that increase, in part, to the ease of online fraud, the trade body said last month.

“We are a customer-first company, and when we fall short of expectations, we own it,” Signet added. “While we immediately addressed and fixed this configuration detail for all past, present and future orders, we are continuing to work with multiple third‐party experts to confirm and enhance the security of our e-commerce websites.”

Image: Kay store. (Signet Jewelers)
Tags: Cybersecurity, e-commerce, Jared, kay, Kay Jewelers, online sales, Rapaport News, retail, Signet, Signet Jewelers
Similar Articles
Comments: (0)  Add comment Add Comment
Arrange Comments Last to First

Call Us: 1-702-893-9400
Member License Agreement   RapNet Trading Rules & Code of Conduct    Privacy Policy  
twitter twitter
About Rapaport
Advertise with us