In late 2022, attackers exploited a vulnerability in a Southeast Asian retail company’s e-commerce website, compromising customer information. The breach exploited a SQL injection flaw, granting unauthorised access to the customer database and exposing personal details like names, addresses, emails, and unencrypted passwords. Although financial data remained secure, the incident had significant repercussions.

The company responded swiftly by shutting down affected servers, launching an internal investigation, and engaging a cyber incident response firm. Despite the prompt action, the delay in acquiring an incident response team meant that the breach took longer to resolve and incurred substantial costs. Customer notification, legal compliance, and additional security measures all required significant company resources.

Beyond financial losses, the breach severely impacted the company's reputation, eroding customer trust and triggering negative media coverage and public scrutiny. Rebuilding trust necessitated ongoing efforts involving enhanced security measures and transparent communication.

Download the full case study below.