THE WHAT? Japanese beauty e-tailer Acro has been hit by a third-party data breach, which exposed more than 100,000 payment cards across two of its four beauty product websites.
THE DETAILS The hack took place on the Three Cosmetics domain as well as Amplitude, with data exposed by consumers that purchased items between 21st May, 2020 and 18th August, 2021.
Stolen data included cardholder names, payment card numbers, dates of expiry and security codes, according to The Daily Swig.
The breach has been reported to law enforcement and Japan’s Personal Information Protection Commission, with affected customers having been notified by Acro from 24th February.
THE WHY? The attack is thought to have compromised a vulnerability in the payment processor’s systems.
Acro has since apologized to consumers, urging people to monitor their financial statements for suspicious activity.
The online retailer has bolstered its cybersecurity based on the conclusion of the investigation.