- The Chanel Korea store has had a database access incident that may have exposed the personal details of its customers.
- The compromised data would be a treasure in the hands of social engineering and phishing actors.
- The number of the potentially affected individuals is undisclosed and the firm hasn’t offered any identity theft protection services.
Chanel Korea, the local seller of Chanel-branded goods, has issued an apology towards its customers over a data breach incident that unfortunately exposed their sensitive information. The notice claims that hackers managed to break into data centers managed by Chanel Korea between August 5 and August 6, 2021. Since this is where customer data is stored, it is possible that sensitive information was accessed or even copied.
The types of data that were held by Chanel include the following:
- Full name
- Birthday
- Phone number
- Product purchase list
- Physical address (optional)
- Gender (optional)
- Email address (optional)
The last three entries are only present on customers who agreed to give this information to Chanel, so they don’t concern the entire data set. What wasn’t compromised is the customer’s registration information and the member username and passwords. Still, if you have an account on Chanel Korea, you should better visit the online shop and change your credentials.
Obviously, the details that have been compromised and which cannot be easily reset, like the names, phone numbers, and email addresses, call for raised caution against potential phishing, scamming, and social engineering attacks. Considering that Chanel is a luxury brand that sells generally expensive goods, customers of the particular shop would be lucrative targets for malicious actors.
Chanel Korea states that the vulnerabilities exploited for the network breach have been identified and patched now, so there’s no risk of this happening again. Also, they kindly ask any customers who have already received suspicious messages to report them to the company in order to investigate and potentially take legal action against the perpetrators.
What the firm hasn’t done is offer some form of identity protection services to the affected individuals. This would come in handy to those who are now at risk of direct attacks and also the propagation of their personal details on multiple dark web portals. Finally, Chanel wasn’t very transparent about how many people may have been exposed due to this incident.
This hasn’t resonated well with the store's customers. Many of them are voicing their disappointment with how a luxury fashion house where they spend thousands of dollars hasn’t invested enough in client data security.