On January 17, 2017, the Sydney Morning Herald reported that online fashion retailer Showpo was suing a former staff member for allegedly stealing its entire customer database and handing it to a competitor.
It is alleged that the former Showpo graphic designer accessed the contact information of 306 000 Showpo customers, exporting the list and providing it to her new employer and online fashion competitor, Black Swallow.
Update: Black Swallow will pay Showpo $60,000 in damages.
Online email marketing platform, MailChimp, has provided activity history that claims to show the designer accessed the customer database at 9:33pm and exported the client contact list to her home IP address.
The breach exposes a number of flaws in Showpo’s information security policies - flaws that are widespread among small-to-medium Australian businesses.
In an age where data is currency, it is surprising that an online powerhouse like Showpo allowed a graphic designer to effectively hand their customer information over to a competitor. It reveals the growing need for businesses to act in compliance with internationally recognised standards like ISO 27001, the standard for information security management systems.
If Showpo had been acting in accordance with the information security management requirements outlined in ISO 27001, it’s unlikely a breach like this would have been able to occur. Some of the information security controls outlined in ISO 27001 include:
Unfortunately, data breaches like the recent Showpo case are becoming increasingly common across all industries. In October 2016, the Red Cross Blood Service revealed that the personal information of 1.28 million blood donors was exposed online. The information included name, gender, home and email addresses, phone numbers, dates of birth, blood types and sensitive medical information.
The leak was attributed to human error, and given the massive financial and reputational damage of information security lapses like these, it’s a grave error.
To learn more about why information security management standards like ISO 27001 are critical for your business, get in touch with us today.