Over 1.3 million shoppers’ data exposed by Walmart’s partner

The personal data of 1,314,193 US and Canadian shoppers was publicly exposed online by Walmart’s jewelry partner, Limogés Jewelry. Security experts at Kromtech, an international IT investment and development company, discovered the data in a publicly accessible Amazon S3 bucket. This latest incident is less than a month since Kromtech discovered thousands of FedEx customers’ sensitive information on a publicly accessible Amazon S3 server.

Key findings

  • The database was left exposed online since January 13, 2018
  • It included names, addresses, zip codes, phone numbers, email addresses, and plaintext passwords for more than 1.3 million shoppers
  • It included records from other retailers
  • Internal MBM mailing lists, payment details, promo codes, item orders, and encrypted credit card details were also found
  • The exposed records dated back to 2000
  • The shoppers’ passwords were so simple that a password-cracking machine using only regular words could have cracked them easily

Soon after the discovery, Kromtech’s researchers contacted Walmart and the database was secured.

Protect your organization and your customers’ personal data

Although the database was promptly secured, data could still have been accessed. This serves as a reminder that customer data must be secured and properly stored. Organizations need to conduct information asset audits regularly. Information audits are an important part of a comprehensive information security management system (ISMS). ISO 27001 is the international standard that describes best practice for an ISMS. Achieving ISO 27001 certification demonstrates that an organization has conducted due diligence in protecting personal, sensitive, and private data.

Join our free webinar on the ISO 27001 ISMS internal audit

An internal audit is an effective measure to assess whether your ISMS is functioning as it should, and one of the requirements for ISO 27001 certification. IT Governance is running a new and exciting webinar to provide an overview of the internal audit process under ISO 27001. Register now!

Learn how to implement an ISMS and achieve ISO 27001 certification

IT Governance’s ISO 27001 Foundation and Lead Implementer courses will guide you through the ISO 27001 ISMS implementation process. You will gain an understanding of the activities needed to plan, implement, and maintain an ISO 27001-compliant ISMS. Learn more about the ISO27001 Certified ISMS Foundation Online course and the ISO27001 Certified ISMS Lead Implementer Online course. Book your place now!

Leaders in ISO 27001