French DIY etailer ManoMano admits customer data stolen

French online marketplace ManoMano is warning customers their personal data was siphoned off after a cyberattack hit one of its customer support subcontractors – and criminals are already claiming the haul is far larger than the company's carefully worded notice suggests.

  1. wolfetone Silver badge

    "In its notification, the retailer said it "immediately took all necessary measures to protect your data," "

    I mean this is a new one. Usually it's "we take customer security very seriously" or "this was a sophisticated attack". But I've recently seen this and a few others go, essentially, "we've taken the decision to shut the stable door".

    Won't be long before one of these hacks results in the company going "yeah, well, shit happens".

    1. nobody who matters Silver badge

      "Won't be long before one of these hacks results in the company going "yeah, well, shit happens"."

      Regardless of whatever wording they actually use, my impression has for some years been that that is already the underlying attitude.

      It will continue to be their attitude until someone makes it hit the company/organisation/directors hard in their own wallet, rather than just the wallets of the customers or employees.

      1. Like a badger Silver badge

        The companies already incur significant costs - regulatory investigation, external legal advice, intrusion consultancy, systems restoration, lost sales (directly or through reputational damage). Just ask JLR or Marks & Spencer.

        I can't say whether many directors are held personally to account for IT attacks, but I'd imagine that bonuses get hit because profit targets are missed. The problem for us armchair critics is that we're ignoring that nobody inside the company wanted these events to happen. However, directors have to balance the investment in ITsec with other uses of the money. Threat actors need only get lucky once; the company needs to be lucky all day every day, 24/7. Moreover, any ITsec investment case should be caveated that there are no defences against zero days, no defences against state-sponsored threat groups, limited defences against insider threats, and that third party IT services cannot be secured by the client company.

    2. Recluse

      "In its notification, the retailer said it "immediately took all necessary measures to protect your data,"

      And firmly shut the stable door after the horse had bolted?

  2. captain veg Silver badge

    not been modified

    > ManoMano stressed that "your password is not affected" and that customer data "remains intact and has not been modified."

    It's been stolen FFS! Who gives a shit about whether or not it was modified?

    -A.

  3. xyz Silver badge

    well...

    that's the first I've ever heard of someone finding something on ManoMano that they actually wanted.

    1. Anonymous Coward

      Re: well...

      Well, if you were after something that you couldn't otherwise buy in the UK, then how about this:

      https://www.manomano.co.uk/p/1pc-4-inch-22-teeth-chainsaw-angle-grinder-wood-carving-wheel-for-angle-grinder-wood-cutting-and-shaping-79665677

      And for those who want these things, they're lucky that ManoMano flagrantly ignore UK safety regulations:

      https://www.gov.uk/product-safety-alerts-reports-recalls/product-safety-alert-angle-grinder-chainsaw-disc-attachment-psa2

  4. MachDiamond Silver badge

    Why would they do this,

    "after a cyberattack hit one of its customer support subcontractors"

    How can outsourcing customer support be viable? Not only is the company paying for the staff providing the support, they are paying the contractor's layer of parasitic management, insurance and funding whatever poor choices they make for locations and infrastructure.

    Something a company does on a limited basis can be a good place to outsource. Customer support is something that goes on 24/7. It's also the outward face of the company to the customers they already have. A truism in business is that it's less work to keep a customer than to attract one. It's also easy to turn a customer into negative publicity with poor support.

    Some big companies aren't going to care as they can't afford to provide much support and still be the "low price leader" and they'll also get taken advantage of by the masses of unscrupulous. Ever watched a video on somebody that's bought a pallet of Amazon returns? Plenty of bricks in returned Xboxes and PlayStations. Lots of abused power tools that got swapped for new/shiny with the old one sent back as a warranty claim.

    Customer support and relations is one of the most critical functions a company can have. To outsource it and then have that contractor leak the information is criminal and should be treated as such.

  5. Anonymous Coward

    ManoMano?

    Do dooo Dee do do

    ManoMano

    I heard it, now you do too, no, I'm not sorry.
