Retail store Hennes & Mauritz (H&M) announced last Saturday, January 25, 2020, that their German unit suffered from a breach. Following the company’s admission, it called its practices “unacceptable.”
According to Reuters, the company initially went under fire after a German newspaper Frankfurter Allgemeine Zeitung reported an investigation on the firm. The probe was reportedly called into action by Johannes Caspar, the State Data Protection Commissioner who hails from Hamburg.
In particular, the Zeitung’s report centered on management staff from H&M probing into the personal lives of its staff. Moreover, Reuters says Caspar discovered that the H&M management had been storing these personal and confidential employee details.
Based on the article published on Zeitung, Reuters notes that H&M management was able to collect specific data from the workers. These include illnesses and other personal events and circumstances for H&M workers in Germany and Austria.
The New York Times reports that Nuremberg management staff of the Swedish fashion retailer kept records of their employees. Confidential details from affected individuals amounted to 60 gigabytes worth of information, all of which were described as “detailed and systematic.”
Some of the illnesses and disease information obtained by the German superiors include cancer and bladder problems, says the New York Times. Apart from these, the superiors also asked employees about their holidays and their respective experiences. Moreover, the management also discussed personal matters such as family disputes, intimacy, and bereavement.
Upon further probing, Caspar found that the 60-gigabyte worth of data was available for use and access for all superiors, reveals the New York Times.
In a statement, Caspar said, “The qualitative and quantitative extent of the employee data accessible to the entire management level of the company shows a comprehensive research of the employees, which is without comparison in recent years.”
Following the incident, an H&M spokeswoman issued a statement on behalf of the company. “The local team has taken a range of action[s] and is in close dialogue with all colleagues. Since the incident is in legal examination… we cannot further comment on that at the moment,” shares the spokeswoman.
Upon announcing the data breach incident in its German unit, H&M shares reportedly went down by 1 percent on Saturday, reveals Nasdaq.
Besides expressing disapproval on the data security breach actions committed by its German unit, H&M also apologized to the affected individuals.
If convicted and charged with illegally storing the said details, the Hennes & Mauritz brand will be expected to pay a fine amounting to $1 billion. The New York Times said the Hamburg Data Protection Commission will be responsible for imposing fines and actions.