UK retailer Office suffers data breach

UK shoe store Office is advising customers to change their passwords after discovering they have suffered a security breach.

Office have emailed their customers stating that ‘only accounts created prior to August 2013 have been affected.’ customers name, address, phone number, email address and OFFICE account password has been accessed - so far, no financial data has been affected.

Lamar Bailey, director at Tripwire, said that the sheer amount of information retailers now hold makes them an easy target. “Information has become toxic for retailers because the more they have the bigger a target they become. Most online retailers keep your names, address, phone number, and credit card information on file forever because it makes it easier for customers to return and place more orders since they do not have to enter the information again."

Bailey suggests a new approach might be needed. “It is time to rethink what data can be kept and what the repercussions are for data breaches. Credit card data should not be kept longer than an stores return policy allows after that date the retailer does not need the card anymore and consumers should always check do not save my credit card info anytime that is an option.”

Ian Pratt, co-founder of security firm Bromium also warns “Watch out for phishing emails appearing to come from Office – log into the Office site directly rather than clicking on a link in an email.”

Customers are also reminded to change passwords on any other site that uses the same login and password combination.

Dan Raywood is editor of The IT Security Guru