Kylie Jenner’s make-up firm has confirmed that it has suffered a data breach, compromising customers’ names, address and the last four digits of their credit cards.
Shopify, the platform for Kylie Cosmetics’ online store, said two ‘rogue’ support-team workers had stolen customer data from at least 100 sellers.
Kylie Cosmetics has confirmed that it was among those affected.
However, it has reassured customers that they should continue to shop on its website.
In an email sent to customers, Kylie Cosmetics said: "Your trust is so important to us. And we wanted to let you know we're working diligently with Shopify to get additional information about this incident and their investigation and response to this matter.
"Shopify has assured us that they have implemented additional controls designed to help prevent this type of incident from recurring in the future.”
Unfortunately, there was little that Shopify could do to prevent the data breach, according to Tarik Saleh, senior security engineer and malware researcher at DomainTools.
He said: “Caused by two rogue employees, there was little that Shopify could have done to prevent this, other than perhaps vetting their new hires a little more thoroughly.
“Even so, however, the risk of something like this happening would not have been reduced down to zero.
“ Kylie Jenner ’s cosmetics company followed due process in informing its customers of this security breach. People whose data was stolen should now be careful about what they receive via mail.
“The last four digits of a credit card may not be used to steal funds, but could be a valuable piece of information for anyone looking to design a sophisticated spear-phishing type fraud.”
