Natural skincare company BWX hit by cyberattack, with 2,500 credit card numbers likely exposed


Mr. Gration said no other personal information such as customer names, CVV codes, passwords or other information entered at checkout was accessed by the third party.

“We have notified potentially affected customers of the breach, explained the steps they can take to limit the risk to their information, and will ensure that affected customers receive appropriate information and assistance.”

BWX, owner of the Sukin, Andalou Naturals and Mineral Fusion brands, confirmed that the infringement was limited to Flora & wildlife website – which is in the digital segment of BWX – and had not affected any other part of its business.

He said he does not foresee any significant impact on his group’s business due to the breach.

Targeted online shoppers

Shane Bell, McGrathNicol’s partner and cybersecurity expert, said the BWX breach was different from high profile Optus and Medicare hacks because the hackers didn’t necessarily break in and steal massive amounts of data.

“Everyone’s website is on the Internet. The structure of the website and the way you interact with it present a level of security; some of them may be vulnerable,” Bell said.

“You still need to fix this infrastructure codebase the same way you fix some of the other parts of your environment.

“It’s really normally only websites that could run this e-commerce capability that cybercriminals will be looking to exploit.”

According to the Australian Cybersecurity Center Annual Cyber ​​Threat Reportpublished overnight, cybercrime related to online shopping accounted for more than 14% of the 76,000 reports received in fiscal year 2022.

“It shows you that while ransomware is probably the biggest in terms of impact, it doesn’t change the fact that all other avenues of cybercrime are still open and available,” Bell said. “Compromise a website is always open and available, you can’t forget some of the traditional stuff.”

BWX shares have not traded since late August – after requesting a voluntary suspension after it was unable to release its audited annual results for the financial year 2022 just 24 hours before it was scheduled to do so.

This was “due to certain revenue recognition issues for FY21 and HY22…These issues mean that the company currently does not know whether or not it will meet its full-year guidance for FY22. .”.

It has not yet presented its 2022 accounts, after requesting a further extension, and now plans to present the results in mid-November.

BWX has acquired ethical platformer Flora & Wildlife in May 2021.

More soon.


About Author

Comments are closed.