Programmers breached clothing retailer FatFace, but the company wants affected customers and employees to keep it quiet.
FatFace Digital Security Breach
At the beginning of the year, someone accessed FatFace’s database and downloaded customers’ names, addresses, and credit card info. Last week, the company sent an email to affected parties about the breach. It explained:
“We immediately launched an investigation with the assistance of experienced security specialists who, following thorough investigation, determined that an unauthorized third party had gained access to certain systems operated by us during a limited period of time earlier the same month.”
The message also urged recipients to “keep this email and the information included within it strictly private and confidential.”
Moreover, FatFace marked the email confidential and private. Ultimately, the call for secrecy sparked outrage. Many people noted that under U.K. law, where FatFace is headquartered, companies must disclose data breaches within 72 hours, but consumers are under no obligation to keep it private. As such, FatFace’s attempt at containing the news raised eyebrows.
In its defense, FatFace says it used the email privacy flag “due to the nature of the communication, which was intended for the individual concerned.” A spokesperson explained that the company was only thinking of their customers and “wanted to make this clear.”
An email about the breach also landed in FatFace employees’ inboxes; their message was the same as the consumers’ except for two things. Unfortunately for the workers, the company warned that intruders may have gotten employee bank account information and national insurance numbers, the U.K. version of social security numbers.
At the time of this writing, FatFace has yet to disclose the number of people affected by the security breach.
Get Help from a Security Breach Lawyer in Arizona
Digital breaches happen daily, even to companies with stellar security measures in place. And when chaos strikes, businesses must adhere to international, federal, and state laws that dictate how and when businesses must disclose data breaches.
If you need legal help navigating a data breach in Arizona, get in touch. The Kelly Law Firm has worked with countless clients on digital privacy and data breach legal issues. We know how to mitigate severe public backlash while ensuring you comply with the letter of the law.