Essential reading for retailers and suppliers in the home improvement market

B&Q leaks information on 7,000 suspected shoplifters

Published: 29 January 2019 - Kiran Grewal
 

B&Q has reportedly given up information on around 70,000 shoplifters on Elasticsearch, according to Australian security researcher Lee Johnstone.

The exposed data included the names of thieves, along with the product codes of the things they had attempted to steal, the total price of the losses, and location data for the stores. Also included were detailed descriptions of people and their vehicles.

According to Johnstone’s report, the instance was operated by TradePoint, the arm of B&Q that focuses on trade-only sales.

He said that it was operating an internal program to track incidents of theft across its stores, along with information about the offenders. The retailer stored all this information in an Elasticsearch database that was connected to the public internet, and without any form of authentication.

Initially there were no identifying information about the retailer involved and the security researchers discovered it was B&Q from the store geodata.

By his account, Johnstone made effort to contact Tradepoint and B&Q. He initially contacted them on January 12 2019, but in spite of assurances that they were looking into the matter, the Elasticsearch instance only became inaccessible on 23 January 2019.

The BBC has reported that B&Q refutes some of the details in the incident, questioning the numbers of records involved. It also claimed other inaccuracies without detailing what they were.

Under GDPR, a data breach must be reported to the regulator with full details on what happened, within 72 hours.

Source: Johnstone report and BBC News

Comments

05 February 2019 09:01:34
B&Q bob

Company is in a shambolic state with poorly trained managers and is making suicidal decisions, it recently cut the pay by over £2000 of its most experienced shop floor staff causing most to leave who were level 5 cust advisors. They now have replaced Position with new team leaders paid far higher, BUT the experienced staff have left meaning most of these positions have been filled with inexperienced staff with no idea what  are doing. Veronica lowery as CEO has over seen the destruction of the UK best DIY chain. A store is only as good as it's staff and she has out the best of BQ by this terrible cost cutting idea.


(Your email address will not be published)
Already Registered?
Sign In
Not Yet Registered?
Register
Printable View E-mail Bookmark
*

What do you think?


As the Brexit saga continues, what do you want the Government to do?



Latest reader comments

re: Which? says B&Q website is bottom of the pile

Roy stone
b&q website has always been terrible 9 times out of 10 it takes an age to work or if it works at all I am a tradesmen and also hold a ...

re: New safety mark replacement could cost UK manufacturers millions

Robert Millien
All very true.Reminds me of all the horror stories about what would happen on 1st January 2000. What happened? Nothing!!!...

re: BCT calls in administrators

Kevin Keely
I worked at Bct in 2009/10 for several months. This time left a lasting impression on me. What an impressive company, staff, colleagues ...

re: Graham Bell to head up B&Q as part of Kingfisher reshuffle

John Garner
Dear Mr Bell. May Ifirst congrate yyou on your promotion yo CEO B&Q. I need your help. 2010 I purchased from B&Q a full kitchen for ...

re: New safety mark replacement could cost UK manufacturers millions

geej@onetel.com
Some misconceptions here. For some time many EU Countries refuse to accept UK Conformity Tests and insist manufacturers get retested in ...

Most read stories