Courts data breach heralds rocky start for Int’l Fraud Awareness Week
Published:Tuesday | November 14, 2023 | 12:11 AMAndre Williams/Staff Reporter
International Fraud Awareness Week got under way on Sunday with news of yet another local data breach, this time at Courts, the island’s largest furniture and appliance retailer.
The public was made aware of the breach, which reportedly took place in August 2023, after posts referencing the leak appeared on social media platform X.
Courts operates more than 90 stores in at least 11 Caribbean countries. Its Jamaican clients were reportedly among those whose data were stolen.
On Monday, the company acknowledged that a data breach occurred in its previous e-Commerce platform www.shopcourts.com, and said that it acted immediately after this was detected.
“In September 2023, we replaced our e-Commerce platform with a new, more secure site, www.courts.com, that enforces the measures and strengthens our security levels accordingly, to ensure we have a secure platform,” the company said in a release.
Data being sold online
It further sought to assure customers that “none of their payment methods and password information was exposed in this incident”, while noting that the leak did not affect customers who shopped at its physical stores.
Gavin Dennis, a cybersecurity consultant on X, said the hackers claimed they hacked the ‘SHOP COURTS’ website and stole data of up to 200,000 orders.
“They’ve publicly leaked a sample of customer records from 2013 to 2023 as their proof,” Dennis wrote on the platform formerly known as Twitter.
The Gleaner gathered that access to the full set of data is being sold online and was published on August 29, 2023.
The hackers reportedly hinted at obtaining customers’ names, addresses, phone numbers, purchase locations, purchase dates, statuses, shipping addresses, billing addresses, and shipping information.
On the weekend, it was also reported that hackers compromised systems at retailer PriceSmart, which operates in more than a dozen countries, including Jamaica.
“ALPHV hackers have posted TODAY that they stole MORE THAN 500GB of sensitive data on CUSTOMERS and employees from PriceSmart,” Dennis posted on X on the weekend.
He said that this is the same group that claimed the hack of Derrimon Trading in Jamaica this year.
The Gleaner was unable to reach the head of the Jamaica Cyber Incident Response Team, Lieutenant Colonel (Ret’d) Godphey Sterling, for comment on the latest breaches. He was said to be off on official duties.
Data breaches in government and private entities are not new.
Last month, Ambassador Rocky Meade, permanent secretary in the Office of the Prime Minister, pointed to a significant rise in cybercrime incidents.
He said that there has been more than a 60 per cent increase in occurrences of what has been monitored and discovered.
Meade also said that a number of incidents have not been documented because of the businesses’ fear that it will negatively impact their image.