Security & Fraud

Unencrypted Vistaprint Database Exposed Personal Customer Data

Vistaprint Database Exposed Persona User Data

Printing company Vistaprint left an online database containing customer interactions unencrypted, according to a report.

A security researcher named Oliver Hough discovered the unprotected database on Nov. 5. He reached out to the company but didn’t hear back. After the report was published, the company quietly took down the database.

Vistaprint is owned by Cimpress, a company based in the Netherlands. Robert Crosland, a spokesperson for Vistaprint, said customers in the U.S., U.K. and Ireland were affected.

“This is unacceptable and should not have happened under any circumstances,” the company said. “We’re currently carrying out a full investigation to understand what happened and how to prevent any future recurrence. At this time, we do not know whether this data has been accessed beyond the security researcher who found it.”

Crosland noted that the company planned to tell customers about the breach. The database included personally identifiable information on upwards of 51,000 customer service interactions, such as chats with agents or support phone calls.

Some of the interactions contained in the database occurred as recently as September. One of the tables was called “chat,” and included line-by-line conversations between customers and the company. Other information included order numbers and postal tracking data. There were also entire email threads and specific information about phone calls, such as the customer’s mood and the pertinency of the interaction.

Hough said the database was titled “migration,” meaning that it was potentially used to store data before it was moved.

The Vistaprint spokesperson did not provide a reason for why the database was left online without protection.

Vistaprint was started in 1995 and was one of the first companies to take advantage of publishing through the internet. The company was started by Robert Keane, the CEO of Cimpress.

——————————

NEW PYMNTS DATA: HOW WE SHOP – SEPTEMBER 2020 

The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

TRENDING RIGHT NOW