Shoe retailer Office has received an official warning from the Information Commissioner’s Office after online customer details were hacked.
Details of one million customers were exposed in a security breach in May last year after they were accessed through an unencrypted database.
No customer payment details were compromised. Office has since taken measures to address the issues the breach highlighted and has decommissioned the affected servers, according to Computer Business.
Sally-Anne Poole, enforcement group manager at the Information Commissioner’s Office said: “All data is vulnerable even when in the process of being deleted, and Office should have had stringent measures in place regardless of the server or system used.”
“The need and purpose for retaining personal data should also be assessed regularly, to ensure the information is not being kept for longer than required.”
The problem occurred because the affected system was about to be taken out if service so, although security tests had been done, the results had not been assessed.