Kylie Jenner’s skin and makeup company Kylie Cosmetics notified its customers that their data may have been comprised following the security breach of payments partner Shopify.
The company announced on its website about the unfortunate news, citing the ‘possible’ exposure of customers’ names, addresses, email addresses, and credit card numbers. Initially, Kylie Cosmetics reported exposure of customers’ last four digits credit card numbers but later confirmed that no payment details were accessed.
The makeup firm isn’t at fault because its payment partner Shopify was the one targeted. In fact, two ‘rogue’ staff members stole order records and exploited sellers, including Kylie Cosmetics.
Less than 200 merchants were affected, and Kylie Cosmetics is the recent company confirming the data breach. On its website, the cosmetics company stated its disappointment to learn about the breach that might have affected its customers.
Upon learning about the Shopify’s data breach incident, the cosmetics company reached out to the payments partner and conducted its own investigation. They’ve worked closely with Shopify to acquire additional information on the breach incident.
Aside from the credit card numbers, the company is also looking at any transactions that may have been affected and is reaching out to customers who are likely to get affected. Meanwhile, Shopify claims no data has been used, but they are still in the early stages of the investigation.
Kylie Cosmetics also indicated on their website that Shopify has been engaged in outside forensic investigation, closely working with the FBI, international crime agencies, and digital forensics companies.
The company also assures customers that it’s safe to shop from its website, even though the issue has not been resolved yet. “Your trust is so important to us. And we wanted to let you know we’re working diligently with Shopify to get additional information about this incident,” stated on the website.
Additional controls are implemented by the cosmetics company to prevent the incident from recurring in the future.
Shopify disclosed a data breach incident on Sept. 22, saying former employees stolen a bunch of information from its systems. The suspects were ‘immediately terminated’ and a case has been prepared by the law enforcement.
Security experts claim software and support engineers are the gateways of the security in different organizations, hence the need for added security layer. “It’s imperative that organizations have security controls in place,” said Tripwire senior director Lamar Bailey.