Essential reading for retailers and suppliers in the home improvement market

B&Q leaks information on 7,000 suspected shoplifters

Published: 29 January 2019 - Kiran Grewal
 

B&Q has reportedly given up information on around 70,000 shoplifters on Elasticsearch, according to Australian security researcher Lee Johnstone.

The exposed data included the names of thieves, along with the product codes of the things they had attempted to steal, the total price of the losses, and location data for the stores. Also included were detailed descriptions of people and their vehicles.

According to Johnstone’s report, the instance was operated by TradePoint, the arm of B&Q that focuses on trade-only sales.

He said that it was operating an internal program to track incidents of theft across its stores, along with information about the offenders. The retailer stored all this information in an Elasticsearch database that was connected to the public internet, and without any form of authentication.

Initially there were no identifying information about the retailer involved and the security researchers discovered it was B&Q from the store geodata.

By his account, Johnstone made effort to contact Tradepoint and B&Q. He initially contacted them on January 12 2019, but in spite of assurances that they were looking into the matter, the Elasticsearch instance only became inaccessible on 23 January 2019.

The BBC has reported that B&Q refutes some of the details in the incident, questioning the numbers of records involved. It also claimed other inaccuracies without detailing what they were.

Under GDPR, a data breach must be reported to the regulator with full details on what happened, within 72 hours.

Source: Johnstone report and BBC News

Comments

05 February 2019 09:01:34
B&Q bob

Company is in a shambolic state with poorly trained managers and is making suicidal decisions, it recently cut the pay by over £2000 of its most experienced shop floor staff causing most to leave who were level 5 cust advisors. They now have replaced Position with new team leaders paid far higher, BUT the experienced staff have left meaning most of these positions have been filled with inexperienced staff with no idea what  are doing. Veronica lowery as CEO has over seen the destruction of the UK best DIY chain. A store is only as good as it's staff and she has out the best of BQ by this terrible cost cutting idea.


(Your email address will not be published)
Already Registered?
Sign In
Not Yet Registered?
Register
Printable View E-mail Bookmark
*

What do you think?


How do you feel about the appointment of Boris Johnson as prime minister?


Latest reader comments

re: DIY inventor gets £100,000 investment for Wellitop

Gel
You're being optimistic expecting a response to a 9 year old story!...

re: DIY inventor gets £100,000 investment for Wellitop

Penny
Hi I live in Australia and am finding it really difficult to find somewhere on the internet to purchase wellitops. i manged to find one ...

re: Further Homebase closures ahead

Once a customer
good investigating diy week . There looks like will be more closures so will you keep us updated . Just seen Horsham closing so more than ...

re: Quick and easy wood treatment oil from Frogsuit

Beverley
Hi, please confirm if Frogsuit can be used on all external wood doors and sheds.RegardsBeverley...

re: Quick and easy wood treatment oil from Frogsuit

Chris - Frogsuit Ltd
Hi Arthur, thank you for your query. Depending on the product and the type of wood you may need to prepare the items prior to application. ...