Fashion Nexus data breach – July 2018

On 9th July 2018, an estimated 1.3 million records kept by e-commerce provider Fashion Nexus were compromised by white hat hacker, Taylor Ralston. Ralston was able to take advantage of sub-par security (the Fashion Nexus site is still not HTTPS certified) to access a database containing personal details of the customers of brands who were using Fashion Nexus.

The brands confirmed to be breached by the company were: AX Paris, Granted London, Jaded London, ElleBelle Attire and Traffic People.

The breach was originally revealed by security expert Graham Cluley, who confirmed with fellow expert Troy Hunt that although Ralston revealed the vulnerability on the 9th July, other hackers with criminal intentions may well have accessed the information before this date. The exposed data included: names, email addresses, physical addresses, phone numbers and dates of birth. Whilst Fashion Nexus confirmed that they keep no financial information on record, tech commentators have pointed out that this kind of information is often freely traded on the dark web for use in criminal activity.

Ryan Wilk, vice president at NuData Security (owned by Mastercard) said in an email statement: “Although payment data was not exposed, the personally identifiable information accessed can easily fuel synthetic identity fraud and identity theft.”

He continued: “With these types of fraud, personally identifiable information such as name, address, or date of birth is traded on the dark web to steal a real identity or construct an entirely new fraudulent one for theft. NuData has seen a 100% increase in purchase attempts with flagged – suspicious – credit cards, which are often used under a fake account that has been created with stolen information.”

Fashion Nexus have advised all those who have had accounts with the aforementioned companies to change their passwords, but this advice may come too little too late. If you’ve have had an account with any of the aforementioned companies then your data may have been compromised.

Send us a message using the contact form, call us or start a chat in the bottom right corner to see how we could help you claim compensation.