Cosmetics firm Avon leaks 19 million customer records

The latest data breach has struck the purveyor of lower-cost cosmetics - Avon. Once a staple of door-to-door selling, the company has operated a successful online business for many years.

It has been revealed by the specialist technology media (such as Computer Weekly) that a misconfigured cloud server at global cosmetics brand Avon was discovered leaking 19 million records. Among the data exposed was personal information and technical logs. The loss of this type of data has also been reported by Avon via a notification sent to the US Securities and Exchange Commission (SEC). In a statement the cosmetics firm said: “Avon … after suffering the cyber incident... is planning to restart some of its affected systems in the impacted markets throughout the course of next week. Avon is continuing the investigation to determine the extent of the incident, including potential compromised personal data. Nevertheless, at this point it does not anticipate that credit card details were likely affected, as its main e-commerce website does not store that information.” The issue has been picked up on by Ed Macnair, CEO of Censornet. Macnair tells Digital Journal: "This is another example of a big name playing fast and loose with the sensitive data of their customers, and the scale of this leak is particularly embarrassing for Avon." Macnair adds, tellingly: "It is simply unacceptable that a database of this size was left exposed with no password protection or encryption." He adds that the type of data that has been exposed is potentially serious: “The leaked information provides hackers with everything they need to launch a multit ..