Australian online retailer The Iconic has released an official public statement after a number of its customers fell victim to account fraud, and some people aren’t too keen on its response.
Earlier this year, customers of The Iconic reportedly fell victim to account fraud via its website after multiple reports said they discovered unusual payments to the website on their cards.
One person claimed to ABC that a hacker spent $1500 on the online store, and another added that their card had been used on the site to make a $703.95 purchase.
In response to the apparent security breach, the online shop shared a six-tile Instagram post addressing affected customers, apologising for the inconvenience and giving an update on its current investigations.
In the public statement, the clothing company acknowledged that there was “unauthorised access to a number of customer accounts” however it claimed that it was “not a result of a breach of any of The Iconic’s internal systems”.
In another slide, The Iconic says its customer service team is working to “intercept any fraudulent orders and provide refunds to impacted customers”. It also said it’s working with cybersecurity partners, working with impacted customers to provide “appropriate support” and “specific recommendations”, and emailed customers to “change their passwords and be vigilant”.
Further in the statement, The Iconic apologised for the breach as a whole and its delays in response to impacted customers.
“We also want to take this opportunity to acknowledge the delays in our customer service response for some affected customers,” it wrote.
“This is far from the experience we want to provide you, and our teams are working as fast as possible to ensure that affected customers receive an urgent and timely response.
“You, our customers, mean the world to us and we are committed to earning back your confidence. We are truly sorry that this has happened to you.
“We appreciate your ongoing patience and will continue to provide affected customers with updates through this ongoing investigation.”
Customers respond to The Iconic’s public statement
So far, the online boutique has seen a mixed bag of reactions to its public statement. Some folks have praised the company for its transparency, as well as its attempt to apologise to the affected customers.
However, most of the comments have slammed The Iconic and its statement for a variety of reasons.
Many customers who’ve been sent an email to change their passwords have reported on the Instagram statement that it doesn’t allow them to make their changes.
Some folks — who claim to be missing upwards of thousands of money, allegedly through the security breach — have claimed that The Iconic hasn’t acknowledged their personal requests.
Others are continuing to call for stronger security measures, such as installing a two-factor authentication when it comes to signing and purchases.
One person called out the company’s communications, claiming that a previous email sent on Tuesday mentioning “general account security” without acknowledging the breach was “pretty shady and subpar comms work”.
Before the public statement, posted on Wednesday night, The Iconic reportedly sent an email to customers ensuring that the company had not fallen victim to a mass data breach.
“We have recently seen an increase in fraudulent account login attempts on The Iconic, which our security and fraud teams continue to actively manage, in conjunction with our security partners,” a spokesperson said.
“We are working with all customers to address these incidents, which are not a result of a data breach at The Iconic.”
On Tuesday, as more reports of fraudulent activity surfaced, the retailer sent out a massive email urging customers to change passwords and remain vigilant when it comes to online safety.
The company has assured affected customers that they will be fully reimbursed for the missing funds.
The Iconic’s fraudulent activity debacle comes around the same time travel agency Inspiring Vacations was hacked, which saw 112,00 personal records from their database published.
The database has now been secured, however, it is not known how long it was accessible to hackers.
It’s only the start of 2024 and it seems like these sorts of breaches are coming at us left, right and centre. I think it’s time we let go of our MSN and Club Penguin passwords and trade them in for something extra strong.
ISTG those 2000s secret journal toys where you ~whispered~ into a toy microphone had waaaay better security than some of these sites. Yikes.
