U.K. home supply chain B&Q exposed the information of 70,000 people allegedly involved in some type of criminal activity in one of the chain’s stores.
The Elasticsearch database was uncovered by Cntrlbox Information Security’s open data monitoring system which spotted thousands of lines of information related to the chain. The information included the first and last name of those involved in store-level security incidents, along with the product codes of the property involved, cost of any theft that took place and store location. Also included were detailed accounts of each incident including descriptions of those involved and any other information that was deemed pertinent.
Cntrlbox informed .B&Q, through its parent company Trade Point, on Jan. 12 via email that its information was exposed. The company did respond that it was aware of the issue but did it take down the database, Cntrlbox said it then tried to communicate to additional B&Q staffers through Twitter and LinkedIn. A second positive response was received on January 16, but nothing was done until Jan. 23 when the database was removed.