U.K. home supply chain B&Q exposed the information of 70,000 people allegedly involved in some type of criminal activity in one of the chain’s stores.
The Elasticsearch database was uncovered by Cntrlbox Information Security’s open data monitoring system which spotted thousands of lines of information related to the chain. The information included the first and last name of those involved in store-level security incidents, along with the product codes of the property involved, cost of any theft that took place and store location. Also included were detailed accounts of each incident including descriptions of those involved and any other information that was deemed pertinent.
Cntrlbox informed .B&Q, through its parent company Trade Point, on Jan. 12 via email that its information was exposed. The company did respond that it was aware of the issue but did it take down the database, Cntrlbox said it then tried to communicate to additional B&Q staffers through Twitter and LinkedIn. A second positive response was received on January 16, but nothing was done until Jan. 23 when the database was removed.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.