Report on Supply Chain Compliance 3, no. 16 (August 20, 2020)
Avon, a popular cosmetics company that sells door to door and online, experienced a data breach[1] most likely caused by ransomware employed by a known hacker group. Sensitive personal data of 19 million customers was leaked, including names, home addresses and email addresses.
The breach is particularly dangerous as many of Avon’s customers are considered to be older and less tech-savvy, putting them at additional risk of phone and mail scams perpetrated using the leaked data.
Avon has issued multiple statements regarding the hack and has been engaging forensics teams to discover the cause of the leak and to shore up its information technology protocols. According to CEO Angela Cretu:[2]
Our teams are working around the clock alongside the world-class technical experts to re-establish our affected systems.…We are in the process of determining whether personal information has been compromised, and we believe that credit card details were likely not affected as our main ecommerce website does not store that information. Should Avon confirm any suspicious activity affecting individuals’ data, we will notify affected individuals and take all appropriate action.