Tommy Hilfiger's ElasticSearch Database Exposed With its Customers' Personal Information

A misconfigured ElasticSearch database belonging to Tommy Hilfiger Japan has been found to have exposed the personal information of hundreds of thousands of customers.

The leaky database was discovered by Noam Rotem and Ran Locar, security researchers from Safety Detective. They described the issue as one where ‘minimal manipulation’ could allow attackers to gain access to customer data. The leaky database contained personal information of Tommy Hilfiger customers, such as names, addresses, phone numbers, email addresses, and dates of birth.

Apart from personal information, it also held transaction information, including membership ID numbers, orders made, dates of purchase, product descriptions, prices, SKUs and details on millions of orders. However, no payment card details or financial information was present in the database.

When the two researchers found the leaky database, they contacted Tommy Hilfiger to notify the company that it was unprotected. The representatives then escalated the issue to the parent company, PVH Corp. A representative for PVH Corp revealed that the issue stemmed from a third-party operator that manages the Tommy Hilfiger Japan website.

Upon learning of the incident, the company immediately worked to address the issue and quickly resolved it. The company also urged its customers to be wary of culprits who could impersonate Tommy Hilfiger and try to contact the people whose details they obtained from the leaky database, as they could ask for financial details.