Office has signed an undertaking committing to address issues of data protection.
The Information Commissioner’s Office (ICO) has given the footwear retailer a warning after personal data of over one million customers was left exposed due to a hacking incident.
The hacker managed to gain the potential to access customers’ contact details and website passwords via an unencrypted database that was due to be decommissioned. The hacker bypassed technical measures the company had put in place and the incident went undetected, according to the ICO.
Office has now signed an undertaking to ensure issues around the data breach are resolved.
“All data is vulnerable even when in the process of being deleted, and Office should have had stringent measures in place regardless of the server or system used,” said Sally-Anne Poole, group manager at ICO. “The need and purpose for retaining personal data should also be assessed regularly, to ensure the information is not being kept for longer than required.”
“Fortunately, in this case there is no evidence to suggest that the information has been used any further and the company did not store any bank details.”
Office has agreed to address the issues of data protection and has already decommissioned the servers in question and implemented a new hosting infrastructure.