I’ve covered three of these breaches on this blog before, but idRADAR has some new details and includes a breach I hadn’t covered, involving HarryBarker.com:
It’s often tough to know how serious a data breach is in the days immediately following discovery. Some companies like to dance around the specifics. In other cases, there are no specifics to share. Then there are the businesses that clearly believe stalling serves the corporate good. Eventually details trickle out as they did today for several recent breaches covered in this blog. In one case, those details revealed another 38 breaches still waiting to see a little sunshine.
HarryBarker.com, an upscale online doggie products website, is still unable to take online orders following a data breach that first surfaced on July 24th. On August 14th, when breach notification letters started hitting mailboxes, COO Michael J. Stolarczyk told idRADAR News he was unwilling to share any breach details. He indicated that our Under The Radar News did not fit the media image his company tried to cultivate. Welcome to the world of data breach, Mr. Stolarczyk, where hacks rarely honor any company’s image enhancement plan.
Now Stolarczyk has provided those details in a government filing obtained today. That filing states that a total of 2,064 customers had their credit card numbers compromised. The document also mentions that Harry Barker’s credit card processing was outsourced to several suppliers with “Nexcess being the entity that hosted our e-commerce platform. All credit card information was stored on their servers. Due to a known attack that allowed skimming of credit card numbers via modification of files for Magento (the underlying e-commerce technology), numerous credit card numbers from our clients were illegally obtained.”
Read more on idRADAR.
And here’s a clue to those who, like HarryBarker.com, decline to take alternative media or blogs seriously enough: transparency should not depend on the media. It should be a core value of your relationship with consumers, and if you were more transparent from the get-go, we wouldn’t be asking questions about basic details concerning a breach.
And if we do ask and you decline to answer our questions, we will investigate and we will likely get answers. And then your lack of transparency will likely come back to bite you.
Then again, some day Congress may actually pass a data breach notification law that mandates you answer some of the questions we’ve been asking you. Wouldn’t that make our jobs so much easier…