Customers' Cybersecurity Under Threat After Avon Reports a 'Cyber Incident'

Avon Data Breach

In the aftermath of a cyberattack, the targeted company needs to quickly disclose as many details as possible. It needs to explain what sort of attack it's been through, who might be affected, and what the consequences for individual users could be. For reasons that remain unclear for now, international cosmetics retailer Avon appears to be struggling with this.

On June 9, the company published an 8-K form with the US Securities and Exchange Commission (SEC), which explained that Avon had suffered what the filing called "a cyber incident in its Information Technology environment." The retailer said that some of its operations were affected but was adamant that it was still not entirely sure how big the attack had been. Three days later, Avon filed another 8-K filing with an update on the "cyber incident." According to it, the company was restarting some of the attacked systems and was still in the process of determining what had happened exactly. For the first time, it mentioned that some personal data might have been compromised, though it was quick to point out that people's credit card details are unlikely to be affected.

This just about sums up the official information that has come out of the company, and you have to agree that it leaves quite a few open questions. People have been trying to answer them.

Customers and security researchers are wondering what's going on

One thing that is certain is that the attack was pretty serious. Even now, more than a week after the first 8-K filing, the websites of a number of Avon's branches all around the world are down. In some cases, users see a message telling them that the website is being overhauled while others simply say that it's not available at the moment.

The exact nature of the attack was not disclosed in the SEC filings, which has led to a lot of speculation. In January, for example, a Brazilian company by the name of Natura & Co. bought a majority stake in Avon. In May, about 250 thousand of Natura's customers were affected by a major data leak, and predictably, people are now wondering whether the two incidents might be connected. Meanwhile, the operators of a major ransomware family have claimed responsibility for the attack.

DoppelPaymer: We attacked Avon

The DoppelPaymer ransomware has been around for a while now, and it has been involved in quite a few major attacks against large organizations and businesses. Last year, it, along with a few other major ransomware threats, added a sinister twist to their operations.

Usually, the ransomware attack's only goal is to encrypt the victim's files and blackmail them for a ransom. In 2019, however, the operators behind DoppelPaymer, Maze, and a couple of other ransomware strains started stealing data before scrambling it. That way, when the targeted company refuses to pay for a decryptor, the crooks can threaten to leak the pilfered information to the whole world. If the stolen data is sensitive, and the victim is still not willing to pay up, the crooks can also sell it on the dark web.

DoppelPaymer's operators set up a special website where they first publish the names of their victims and then leak sensitive data if they refuse to give in to the extortion. The aptly named Doppel Leaks has been operating since February, and according to a Polish penetration testing company called Niebezpiecznik, Avon's name recently appeared on it. But does that really mean that Avon was hit by DoppelPaymer?

The evidence certainly points to a ransomware attack. The fact that some of the systems went offline and are still not restored suggests that the data in them might be scrambled. As you can see, however, this is not just about encrypted data. Sensitive information that belongs to Avon, its employees, and its customers could be leaked at any time, and people should be on the lookout for any potential attacks that could result from this.

As Sophos' Paul Ducklin said, even Avon might not be completely aware of what happened exactly at this point, but it must work to find out as quickly as possible and report the facts to the public. That's the only way people can know what sort of risk they're faced with.

By Duran
June 18, 2020
News
English
June 18, 2020
News

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News

Are We in the State of Ongoing Cyber War? Cybersecurity Experts Think That We Are

Are we in the state of an ongoing cyber war? The majority of security experts think so. And while most of the regular users might think that cyber war doesn’t affect them directly, you would be surprised how big of an... Read more

May 20, 2020
News

Researchers Discover 20,000 Cyber Attacks Every 15 Minutes Using Cyber Honeypots

Cyber attacks are getting more sophisticated as we speak. As long as you are connected to the Internet, you can get attacked. It is time to chuck away this useless conviction that you are not interesting to... Read more

January 13, 2020
News

Sweaty Betty Customers Are Warned About a 'Sophisticated Cybersecurity Incident'

Over the last few months, the name 'Magecart' has been used with increasing frequency by cybersecurity experts. The term was actually coined a while ago, and it has now come to be used as a collective name for the... Read more

December 10, 2019
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.