Fashion retailer Sussan took down its own website for six days following “a security incident”.
Sussan customers were notified on Friday evening that the company had suspended its website two days earlier, on June 17, after the breach was uncovered.
Sussan said its site would remain offline over the week but was expected to be “up and running” early this week.
As of Tuesday afternoon the website was still offline; however, SmartCompany was able to access the site this morning.
While the email to customers said Sussan had yet to confirm if any customers’ personal details had been compromised, customers were told they would be asked to change their passwords the next time they log in to their online account with the retailer.
“We also recommend that you check and monitor your credit card for any unusual activity and notify your credit card issuer immediately if you become aware of any suspicious transactions,” Sussan said.
Sussan told customers it is “doing all that we can to investigate and resolve the incident and to further strengthen our online security protocols”, and said the company had notified the Privacy Commissioner of the incident.
But those steps were not enough for some customers, who took to Facebook to complain about the retailer’s delay in notifying them of the breach.
“Poor form Sussan! You had a breach to your website on the 17th of June and only notified customers on the 19th of June? So thanks for that, that is a lot of time to access credit card information,” said one customer.
“And the fact that you can’t confirm if personal data has been compromised? The only good thing you have done here is notify the Privacy Commission. In today’s day and age I accept there are crooked people who are trying to steal identities and credit card info, but I do not accept that Corporates take 2 days to let Customers know of this breach.”
“And the fact your email starts off with ‘As a valued customer …’ Oh the irony! No value here.”
Brian Walker, chief executive of the Retail Doctor Group, told SmartCompany waiting 48 hours to notify customers their personal details may have been compromised is “not good enough”.
“To be fair, Sussan has probably never experienced anything like this before, but it plays out in the customer experience,” Walker says.
Walker says it is not just online customers who would be affected by a retailer’s site going offline. Customers researching their in-store purchases would also have suffered.
However, Walker says the impact on site traffic and sales is likely to be short-lived.
“It will bounce back,” he says.
“It can be corrected with the right PR strategy.”
But Walker says the more “compelling” concern that arises from security breaches is the retailer’s governance and risk strategies.
“Website hacking is becoming more and more common and there is plenty of press around about protocols for security,” he says.
“Retailers spend hundreds of thousands of dollars each year on loss prevention. This is just a cyber space example of the same thing.”
SmartCompany contacted Sussan but did not receive a response prior to publication.