JD Group confirms data breach

Jan

Jan

Who's the Boss?
Staff member
Joined
May 24, 2010
Messages
14,789
Reaction score
13,438
Location
The Rabbit Hole
Half a million customers hit by Incredible, HiFi Corp, and Everyshop data breach

Pepkor-owned JD Group has confirmed that it suffered a data breach that exposed the personal information of over half a million of its customers.

On Wednesday, 31 May 2023, the retail company published notices on the websites of all its stores from its Group CEO, Peter Griffiths, informing customers of the breach.
 
airborne said:
Why are there never any repercussions for companies not keeping user data safe?
Click to expand...

lkswan747 said:
My thoughts exactly! Had this happened in the EU there would be hell to pay.
Click to expand...
Because they implemented the act as a knee jerk. But without any of the skills or knowledge to enforce it. The judiciary and lawyers have no clue what to do with it and until something actually gets litigated it's all theory. It's the most pointless thing.
 
"... customers on a pubicly-accessible hacker forum on Saturday, 27 May 2023."

Pubicly? As in with your nether regions.
I have heard of biometric facial recognition and fingerprint recognition but clearly this is something new.
 
eleventh said:
"... customers on a pubicly-accessible hacker forum on Saturday, 27 May 2023."

Pubicly? As in with your nether regions.
I have heard of biometric facial recognition and fingerprint recognition but clearly this is something new.
Click to expand...
Sigh..

/unzips
 
Its a backup, not live data unless they decided to remove everything from 2020 onwards, as it ends at 2020.
 
r00igev@@r said:
But doesn't JD Group use a sophisticated Fortinet firewall?
Click to expand...
Yep many cyber security compliance questionnaires are so out of date.

They still ask if you are running a next generation firewall. Never mind if it's properly configured or not.

You know what they don't ask? Does the person responsible for approving the IT budget, have an IT qualification?
 
eleventh said:
"... customers on a pubicly-accessible hacker forum on Saturday, 27 May 2023."

Pubicly? As in with your nether regions.
I have heard of biometric facial recognition and fingerprint recognition but clearly this is something new.
Click to expand...
Balls!
 
neoprema said:
Its a backup, not live data unless they decided to remove everything from 2020 onwards, as it ends at 2020.
Click to expand...
Probably not even that. It’s likely an export for marketing or other purpose that was on some laptop somewhere which got breached.
 
Sapphiron said:
Yep many cyber security compliance questionnaires are so out of date.

They still ask if you are running a next generation firewall. Never mind if it's properly configured or not.

You know what they don't ask? Does the person responsible for approving the IT budget, have an IT qualification?
Click to expand...
Oh, but you don't need humans with Fortinet, you can use AI!
www.fortinet.com

How Artificial Intelligence (AI) Can Help With Cybersecurity Threats | Fortinet

Artificial intelligence (AI) in cybersecurity protects businesses against known and emerging cyber risks in a fast, scalable way that requires little to no human intervention. Discover the role of artificial intelligence in strengthening your cybersecurity posture.
www.fortinet.com www.fortinet.com

You don't need an IT qualification as you can look for the leader in the magic quagnire from Gartner who also stole our South African tax payers money.
 
neoprema said:
Its a backup, not live data unless they decided to remove everything from 2020 onwards, as it ends at 2020.
Click to expand...

Data was likely taken by an IT staff member from the inside and given to a third-party back in 2020. Agreed, this is not recent data nor is it live data.
 
r00igev@@r said:
But doesn't JD Group use a sophisticated Fortinet firewall?
Click to expand...

A network firewall is just a fraction of all cyber security controls so only having a firewall (even if it is administered by a competent team) is like wearing 5% of a condom and then wondering why a swimmer got past.

If you use cloud/SaaS services, Exchange Online, Onedrive, Wetransfer, Dropbox, etc. then all of those are not protected by a network firewall. It's like locking the front door but your employees are doing dumb stuff with your client data in an unprotected building down the street.
 
Last edited:
  • Like
Reactions: OCP
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X