New York - The Brazilian subsidiary of fashion chain C&A has confirmed it recently suffered a cyber attack to its gift card platform. Personal information from customers who bought gift cards from this platform have been exposed.
As revealed by Brazilian media and confirmed by C&A in a corporate communication, data from customers who purchased gift cards was leaked such as ID numbers and email addresses. Other information leaked includes the amount loaded into the cards, order number and date of purchase.
The exact reach of the attack is yet to be confirmed, as C&A hasn’t made any comments regarding the scale of the data breach. The fashion group said in a statement that it detected a "cyber attack movement" in its gift card and exchange system last Thursday and that it immediately actioned its contingency plan, as well as legal proceedings to treat the issue.
Local technology news website ‘Tecmundo’ estimates data of about 36,000 customers has been exposed in the attack.
The Public Ministry of the Federal District and Territories (MPDFT) has opened an investigation to investigate the possible leakage of data from 2 million customers of C&A, reports Brazilian newspaper ‘O Globo’. In response, C&A acknowledged via statement that "The company suffered a cyber attack on its gift card/exchange system last week and, as soon as it identified, it triggered its contingency plan and notified the relevant authorities," he said.
Regarding next steps, the apparel group also stated that it "is actively working to comply with the new Brazilian legislation on the subject that will take effect in 2020. We reiterate our strong commitment to ethical action."
Last but not least, C&A added that it does not use personal data for any unauthorized purposes: "we reiterate our commitment to ethics and respect to the laws and that we work to offer the best possible experience to our customers, and that includes the online environment."