The frozen food leader raises the alarm for 45,000 this Tuesday customers registered in its loyalty program (out of the eleven million it has) that their data was disclosed after a cyber attack against them. “We have detected, through the technical measures implemented by Picard, unauthorized access to your Picard account by third parties,” the brand indicates in the email sent to customers. And specify: “We have not detected any intrusion into our information systems. »
According to information released by Picard, the hackers managed to access surnames, first names, dates of birth, email addresses, postal addresses, telephone numbers, loyalty card numbers and information regarding the loyalty account itself. Banking information “is not compromised,” the brand explains. Speaking to Le Parisien, Picard specifies that the identification of the 45,000 potentially compromised accounts was carried out on November 8.
According to the scenario described, hackers were therefore able to access customer information by connecting to their account, without “hacking” the brand’s database. This could be possible in particular by using data stolen during previous leaks, numerous in recent months. And using the “credential stuffing” technique, i.e. trying thousands of combinations of passwords and identifiers to access a protected space. Reusing the same password opens certain doors and the data can then be sucked into automated computer programs.
Contacted by Le Parisien, the brand confirms the attempted digital theft by its customers. “We have strengthened monitoring and security controls for malicious connection attempts to our customers’ accounts,” Picard explains in his email to his customers. It is recommended that you change your password. This attack “was the subject of a notification to the National Commission of IT and Freedoms”, specifies the brand to Le Parisien.
In recent weeks, many French brands have reported a cyber attack against them, from Boulanger to Cultura to the Truffaut garden centers. Recently, the operator Free reported the theft of data of millions of its customers after “a cyber attack against a management tool” which resulted in “unauthorized access to part of the personal data associated with the accounts of some subscribers”. The victims’ banking information was notably stolen.
Interview between Time.news Editor and Cybersecurity Expert
Editor: Good morning! Thank you for joining us today to discuss the recent data breach at Picard. It’s alarming to see that 45,000 customers’ information was accessed during a cyber attack. Can you break down what this means in the context of cybersecurity?
Expert: Good morning! Absolutely, it’s indeed concerning. What’s particularly notable here is how the breach was handled. Although hackers were able to access customer data, Picard emphasized that their core information systems remained intact and that banking information wasn’t compromised. This indicates a level of preparedness and containment on their part, which is crucial in these scenarios.
Editor: That’s a silver lining! The hack exposed personal data like names, addresses, and loyalty card numbers. What are the potential consequences for customers whose data was accessed?
Expert: The risk primarily revolves around identity theft and phishing attacks. Once hackers have names, email addresses, and phone numbers, they can craft convincing messages to trick individuals into providing further sensitive information. Customers might also face targeted scams or unsolicited marketing from third parties that got access to this information.
Editor: Picard communicated with its customers about the breach fairly quickly. How important is timely communication in these situations?
Expert: Timely communication is critical. It not only helps to preserve customer trust but also allows individuals to take protective measures against potential identity theft. The sooner customers are aware of a breach, the quicker they can monitor their accounts for unusual activity and change passwords or security settings, which can mitigate damage.
Editor: What steps should customers take if they find out their data has been compromised?
Expert: First, they should change passwords, especially for accounts that share information with Picard. Enabling two-factor authentication where available is also crucial as it adds an extra layer of security. Customers should monitor their bank accounts for suspicious transactions, despite banking information not being compromised in this case. Additionally, they may want to consider placing a fraud alert on their credit reports.
Editor: Looking at the bigger picture, how can businesses better protect customer data against such attacks in the future?
Expert: Businesses must invest in robust cybersecurity measures, including regular updates to software and systems, employee training to recognize phishing attempts, and proactive monitoring for unusual activity. Implementing strong encryption techniques and adhering to stringent data protection regulations can significantly reduce vulnerabilities. It’s also vital for companies to have an incident response plan in place to minimize the impact of future breaches.
Editor: Given the rise of cyberattacks, do you predict that we’ll see more regulatory scrutiny around data protection?
Expert: Absolutely. Regulators are already paying more attention to how companies protect consumer data. With the increasing frequency and sophistication of cyberattacks, it’s likely that we’ll see stronger regulations and possibly heavier fines for companies that fail to protect customer data adequately. This pressure will encourage organizations to prioritize data security even more.
Editor: Thank you for these insights! It’s clear that while the threat of cyber attacks is significant, there are steps that both individuals and businesses can take to mitigate the risks. We appreciate your time today.
Expert: Thank you for having me! It’s important we keep the conversation going about cybersecurity to ensure that everyone remains informed and protected.