Malware-infected beauty shop hadn’t backed up data in 2 years

Not having a backup and recovery strategy has drastic business implications, as an online vendor of makeup sponges from California found out. Known online as ‘beautyblender,’ Rea.deeming Beauty, Inc. sent a notification to California’s Office of the Attorney General informing the department that their online shop had been infected with malware that stole payment data at checkout.

Because the vendor hadn’t backed up data daily, they couldn’t determine who had fallen victim and what the exact implications of the breach were, writes BleepingComputer. As a result, the company is reaching out to all its 3,673 customers residing in California, because they have no idea who has been affected.

Beautyblender started a forensic investigation and informed its web host after two customers reported fraudulent transactions made with credit cards used on the website. The malware was detected by the web host in October 2017. Third-party investigators confirmed it in November, and reported that the website was infected sometime in July. Hackers had unauthorized access to customer names, addresses, phone numbers, emails and credit or debit card information.

“The forensic investigator then began efforts to determine when the malware was placed on the website,” Beautyblender says. “Unfortunately, due to the lack of backups of the website that were available from the website hosting company, beautyblender has been unable to confirm the date that the malware was placed on the website.”

The company had last backed up its data in April 2015, leaving it extremely vulnerable. Not only were its customers exposed to data theft and fraud, but Beautyblender can’t rebuild the data that consisted in years of valuable information for their business. Failure to kee[ regular, multiple backups is one of the most common mistakes companies make, because in case of natural disasters, system failure or cyberattacks, the company could face permanent data loss.

In the notification email sent to customers, Beautyblender confirms the infected code has been removed from the website, but thorough monitoring of credit card statement is still recommended.

“We have removed the infected code that led to the vulnerability and implemented additional security measures to reduce the likelihood of a similar incident from happening in the future,” reads the email signed by Catherine Bailey, President and COO. “We are providing notice of this incident to those who may have been impacted so that they can take steps to prevent against possible fraud, should they feel it is necessary to do so. We will also notify any required state regulators and the credit reporting agencies about this incident.”

The company has not made public statement.

Leave a Reply