FatFace would like everyone to keep its data breach “strictly private and confidential”

British fashion retailer FatFace has been hacked.

Whoops! I said it. Sorry.

I’m not sure FatFace wanted anyone to talk about it, so maybe I shouldn’t have mentioned it.

Because its email notification to breached customers starts like this:

Fatface email

“Strictly private and confidential”

Let’s read a little further:

Fatface email 2

“Please do keep this email and the information included within it strictly private and confidential.”

What a shame FatFace hadn’t been quite so cautious about the privacy and confidentiality of its customers, eh?

An unspecified number of them have had their names, email addresses, address details, and partial payment card details (last four digits and expiry date) compromised.

FatFace discovered suspicious activity on its network on January 7 2021, and says it quickly put things right.

However, it has taken FatFace over two months to tell its affected customers.

FatFace tries to explain away the delay by saying it has taken time to “clearly identify who was (and was not) involved in this incident and to identify precisely what information was involved”.

“This identification effort was comprehensive and coordinated by our external security experts; it therefore took time to thoroughly analyse and categorise the data to ensure we can provide the most accurate information possible.”

This is the reason FatFace gives for not raising the alarm earlier. This is the reason why people who continued to shop on FatFace’s website after the hack was discovered were not informed that there had been a security breach. It’s definitely not because FatFace was worried that it might put some people off shopping with them.

Well, never mind. I’m sure other potential customers will be comforted by the thought that FatFace wanted customers who had had their personal details stolen by hackers to keep it secret, and not talk about it to anyone.

FatFace says, in the email that it would rather no-one talked about, that “FatFace is a safe place to shop, both in store (when we can reopen our shops) and online.”

Unsurprisingly, some customers have taken their disappointment with the way FatFace has communicated the hack public, posting on social media.

But yeah, FatFace would rather you just took it to a private DM instead…

Fatface tweet

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.
