Essential reading for retailers and suppliers in the home improvement market

B&Q leaks information on 7,000 suspected shoplifters

Published: 29 January 2019 - Kiran Grewal
 

B&Q has reportedly given up information on around 70,000 shoplifters on Elasticsearch, according to Australian security researcher Lee Johnstone.

The exposed data included the names of thieves, along with the product codes of the things they had attempted to steal, the total price of the losses, and location data for the stores. Also included were detailed descriptions of people and their vehicles.

According to Johnstone’s report, the instance was operated by TradePoint, the arm of B&Q that focuses on trade-only sales.

He said that it was operating an internal program to track incidents of theft across its stores, along with information about the offenders. The retailer stored all this information in an Elasticsearch database that was connected to the public internet, and without any form of authentication.

Initially there were no identifying information about the retailer involved and the security researchers discovered it was B&Q from the store geodata.

By his account, Johnstone made effort to contact Tradepoint and B&Q. He initially contacted them on January 12 2019, but in spite of assurances that they were looking into the matter, the Elasticsearch instance only became inaccessible on 23 January 2019.

The BBC has reported that B&Q refutes some of the details in the incident, questioning the numbers of records involved. It also claimed other inaccuracies without detailing what they were.

Under GDPR, a data breach must be reported to the regulator with full details on what happened, within 72 hours.

Source: Johnstone report and BBC News

Comments

05 February 2019 09:01:34
B&Q bob

Company is in a shambolic state with poorly trained managers and is making suicidal decisions, it recently cut the pay by over £2000 of its most experienced shop floor staff causing most to leave who were level 5 cust advisors. They now have replaced Position with new team leaders paid far higher, BUT the experienced staff have left meaning most of these positions have been filled with inexperienced staff with no idea what  are doing. Veronica lowery as CEO has over seen the destruction of the UK best DIY chain. A store is only as good as it's staff and she has out the best of BQ by this terrible cost cutting idea.


(Your email address will not be published)
Already Registered?
Sign In
Not Yet Registered?
Register
Printable View E-mail Bookmark
*

What do you think?


How important is the housewares category to your business?



Latest reader comments

re: Hardware store wins fight against music licence body

Will
I am treasurer or a sports and social club and have a £724 bill from PPLPRS. Part of the bill is for dance clases, but a lot of the cost is ...

re: The man who put the Q in B&Q visits latest store

B&Q bob
The old BQ that he built respected staff loyalty and rewarded those willing to learn extra to be able to advise customers. The new BQ cut ...

re: Builder wins Toolstation's prize draw pick-up

Rob Burns
First time in store Dudley. Steph helped me find what i was looking for, so now will be my first place to use....

re: Homeowners worry over-the-top smart security might attract burglars

AndyH
No Way,I call BS on that one. Burglars have always been detrerred by obvoius expensive alram systems, window marking and security lighting. ...

re: Kingfisher study reveals the home is more important to happiness than our jobs

B&Q bob
Ironic then that kingfisher has altered it's staffs Hours so we get to spend less time with our families in our homes than ever before. ...