14 DAY TRIAL // Australian clothing brand Witchery, owned by Country Road, has been forced to take down its mobile websites after customers noticed that they could access other people’s information via the site’s “track my order” function.
According to news.com.au, users could see the personal details of other customers, and even edit the information. The exposed information includes names and addresses.
Fortunately, credit card details could not be accessed. Also, the desktop version of the website hasn’t been impacted.
Country Road describes the issue as a “small problem,” which their third-party provider is working on addressing.
However, as experts from security firm Sophos highlight, that a leak of personally identifiable information should not be taken lightly, even if financial information hasn’t been compromised.
“[Their description] seems to imply that as long as what's breached doesn't have some immediate financial connection, such as a credit card number or expiry date, it doesn't really count,” Sophos’ Paul Ducklin noted.