How To Prevent a Data Breach In Fashion Branding

After the ALPHV ransomware gang, also known as the BlackCat ransomware gang, successfully stole Moncler's information, the Italian luxury clothing company revealed that it had suffered a data breach. According to BleepingComputer, the stolen data was exposed on the dark web. Another malware attack, this one on the fashion label Guess by DarkSide, a group connected to the Colonial Pipeline attack, is still doing harm: 1,300 workers and contractors of Guess whose personal and banking information was compromised during the incident have begun receiving letters. In 2020, Marriott Hotels was fined £18.4 million by the Information Commissioner's Office (ICO, the UK's data protection regulator) for a major data breach affecting up to 339 million guests. Names, contact information and passport details were compromised in the cyberattack.

There have been several known cybersecurity cases involving luxury brands. The cyber threat environment has changed significantly in recent years, and cyberattacks on the garment manufacturing sector have increased markedly. These attacks are expensive, with immediate damages ranging from $50K on the low end to $2M on the high end. This cost does not take into account the effect on operational productivity when a target is unable to send merchandise for several weeks.

According to the University of Maryland, 1 in 3 Americans are victimised by hacker attacks annually, which occur on average every 39 seconds.[1] As we've seen over the years, fashion companies are not exempt from being victims of cybercrime. Numerous major shops and brands have had millions of their customers' personal information exposed. It's crucial that the fashion sector embraces technology at a rapid rate, in order to draw in customers and improve its IT infrastructure, without compromising consumer security or operational efficiency. Any investment in new retail technology innovations, and any work with outside contractors, requires a fashion brand to trust the technology partner with sensitive information. This is true whether the technology partner is creating virtual runway shows, digitising a collection for a campaign, testing out a virtual try-on system, or implementing a new inventory management system.

This sensitive information could be secret client information, pricing and inventory data, design files and patterns for upcoming collections, or photorealistic 3D CGI renderings of top models. Virtual try-on (VTO) systems pose a particular cybersecurity risk to brands since they frequently record highly sensitive information about the measurements and/or photographs of customers and may also record sales activity and operational analytics. Fashion brands need to be aware of the potential liabilities they may face if they choose retail technology partners or outside contractors who lack adequate protection and threat detection systems and procedures, or who are poorly prepared to handle data breaches, as this may expose fashion brands to cyber threats. Along with compromised login credentials, malware, and employee authorization settings, the three most frequent cybersecurity breaches are insider threats like social engineering and back-door application breaches caused by poorly built external software or insecure network architecture. Before choosing partners who have access to such crucial information, it is essential to carefully analyse the data protection rules and practices of technology providers.

Virtual try-on (VTO) systems have received attention because of customer dissatisfaction with fitting rooms, which has been exacerbated by regulations or store policies that make the operation of fitting rooms impractical or unprofitable (a survey found that 65% of women and 54% of men do not feel safe trying on clothes in fitting rooms in a post-COVID-19 world). Many companies and retailers are now considering VTO solutions to provide customers with the same fitting confidence that comes from physical try-on but in a “contactless” procedure. With fewer returns and exchanges, VTOs can boost consumer confidence in fit, boosting sales and lessening the industry’s environmental impact.

In a typical VTO system, a mobile camera or 3D body scanner takes numerous full-body pictures of the customer wearing either form-fitting apparel or undergarments. A variety of measurements can be extracted from these photos, which then yield made-to-measure or fit recommendations for clothing. In more sophisticated systems, such as the Modern Mirror's AFS, a photorealistic and dynamic animated model of the customer's own body can be displayed dressed in 3D digital replicas of clothing in the recommended sizing. In-depth analytics about client interactions, body types, fit and style preferences, and purchasing habits can also be produced. The quantity of data that fashion manufacturers and retailers are able to gather about their customers has already drawn notice. Over the years, security experts have expressed worry about apps that use selfie images taken at home, which record not only the user's appearance but also the surrounding environment and, in some circumstances, location. This kind of data can be studied to learn even more about a user's lifestyle and routines, which is already happening with social media sites.

Understanding the variety of personal information and other data that luxury businesses own is crucial both for appreciating why a brand house is a top target for cyberattacks and for creating and implementing appropriate data rules, procedures, protections, and protocols. For luxury brand houses, three main categories of personal and commercial data are particularly important:

  • Personal information, including potentially sensitive or health-related information,
  • product information that may be connected to a specific deserving owner, and
  • intellectual property (IP).

Reasons for cyberattacks

  1. Credential theft through “phishing,” the dishonest attempt to obtain sensitive information or data by posing as a reliable entity in an electronic communication.
  2. Breaches of systems that are not properly secured.

Defending against all potential threats is complicated; however, the following fundamental concerns should be addressed as best practice:

Inform your users.

Email is a popular method for cybercriminals to infiltrate systems. Users receive emails asking them to reset their passwords that appear to be from well-known companies like Microsoft, Zoom, etc.

How to Prevent it:

A luxury brand's reputation can suffer greatly from a data leak. When it comes to cybersecurity, prevention and mitigation are ultimately the strongest defences. A premium brand house that is aware of the full breadth and depth of the personal data and other information it owns can take specific, purposeful steps to lessen its appeal as a cyber target. Luxury companies would benefit from increased investment in cybersecurity, although the precise measures may depend on an organization's nature. Several examples of realistic actions that all firms can generally take to increase digital security are provided below:

Technical audits: Regular audits should be conducted so that an organization fully understands its data, hardware, devices, systems, and personnel. Organizations should always look for their weaknesses.

To protect against phishing, companies must establish clear protocols with their email users and educate them on how to avoid clicking on links and attachments in emails. The more steps an attacker takes to make an attachment appear legitimate, the greater the likelihood that a recipient will open it and compromise the company's entire network. Backups should only be accessible one-way, and should be kept away from everything else: if there's a fire in the building or a natural disaster at the office, a backup server kept there is at risk of damage or destruction. Systems open to the internet should be kept to a minimum.

Organisations should review their supply chain to consider what measures key suppliers have taken. Designated incident management teams and a practical response plan should be established. There should be policies and procedures covering data and system security and regulatory and compliance issues. Certification can add credibility by demonstrating that an organisation or its products or services meet information security and management requirements.

If your users aren’t responsible for a breach, one of these endpoints most likely will be. Having a memorable longer password or even a phrase is key. Using biometrics where possible is even better.

Each incident is an opportunity to learn which practices limit harm the next time. Evaluate whether the team responded appropriately and whether additional resources are needed. There are many nuances that will affect the actions taken in each case. Not every incident is a catastrophe, but incidents can be worse if a plan is not in place.

[1] https://www.cybintsolutions.com/author/devon-milkovichbarbri-com/

Author: Nayiesha Puri

Fashion Law Journal

Fashion Law Journal covers the legal landscape of the fashion industry and its stakeholders, providing the latest updates, how-to guides, and exclusive content for the fashion law fraternity. An initiative and publication of Dept of Fashion Laws, Legal Desire (www.legaldesire.com)
