Wine enthusiasts seem to have been suddenly alerted to the news of the Missing Link data breach. As we stated recently, Missing Link seems to be following the response playbook that downplays the sensitivity of the lost data, claiming the hackers “did not have access to any driver license numbers, Social Security numbers, CVV verification numbers, or PIN numbers (data which we would typically not collect anyway).” Congratulations.
But wine drinkers are starting to understand that this company didn’t do enough to protect their names, credit card numbers and billing addresses.
The Missing Link/eCellar data breach is somewhat reminiscent of the multiple retail data breaches that have been in the news, such as Home Depot and Target, but with a different attack vector. In this case, approximately 250,000 customers were affected as a result of the breach. It also affects customers who purchased wine in store, by virtue of all the data being stored in the same repository. In short, web security was lacking in this case. All of the affected parties are now taking the step, mandated by US law, to ensure that they’re providing their affected customers with credit monitoring for a year.
More investigation needs to be done to determine if Missing Link truly failed to adequately protect sensitive information, but it is worth noting that there are mandated standards known as “PCI Standards” that financial institutions and vendors are expected to follow. Ultimately, the only way to truly discover what led to this breach may be a class action lawsuit. It’s through the discovery and litigation process that companies that failed to live up to the standards expected of them are held accountable. And we’ll continue to investigate this class action to uncover how the breach was allowed to happen.