Space NK, the esteemed British luxury cosmetics retailer, recently fell victim to a cyber attack, leading to the unauthorized disclosure of personal data. The breach, discovered on 18 January, primarily involved the names and email addresses of an individual employee. Space NK, in a notification of the data breach, clarified that customer data, personal information, and centralized databases remained unaffected.
Jini Sanassy, Head of PR at Space NK, conveyed the incident’s urgency, stating, “The breach was discovered today [18 January] and is likely to have taken place this afternoon. The information has been disclosed without authorization by an unauthorized person. We are still investigating the circumstances of the breach because this happened a matter of hours ago.”
Apologizing for the breach, Space NK is actively implementing measures to prevent such occurrences in the future. The company has promptly notified the Information Commissioner’s Office (ICO) about the incident, demonstrating its commitment to addressing the matter transparently.
The breach’s origins are traced back to a phishing email sent at 13:07 on 18 January from an employee’s email account. The company swiftly shut down the compromised email address within an hour of detection. The scam email, void of any message, contained a link to an untitled file, prompting individuals to enter their details.
To mitigate potential risks, Space NK advises recipients to delete any emails appearing as phishing scams from Space NK email addresses. Those who may have opened the attachment and provided details are strongly encouraged to change their passwords immediately. The incident underscores the ongoing need for vigilance and robust cybersecurity measures in the digital landscape.
