Personal Privacy

Jared and Kay Jewelers Suffer Major Data Leak, Revealing All Online Customers’ Private Information

The Infinite Brief
The parent firm of jewelry retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers.

A Dallas-based web designer discovered that modifying the link in the confirmation email he received and pasting that into a Web browser revealed another customer’s private data.

The leaked data includes names, billing addresses, shipping addresses, phone numbers, email addresses, items and total amount purchased, delivery dates, tracking links, and the last four digits of the  credit card numbers.

Curated from Krebs on Security

Leave a Response