Showpo and Black Swallow settle data theft allegations

retail — An interior of the Newegg warehouse on Cyber Monday in City of Industry, California, U.S. November 28, 2016. Reuters/Mario Anzuoni

Showpo and Black Swallow have settled data theft allegations requiring the latter to pay $60,000 in instalments over the fun and forward online fashion clothing store. After the payments were settled, the case would be dismissed. Both parties were ordered to pay their own legal costs.

Theft allegations started when Showpo's former graphic designer Melissa Aroutunian downloaded the company's entire customer database. Then the graphic designer allegedly passed it on to her new employer at Black Swallow. The database she forwarded to her new employer included contact information of customer, web users and subscribers. Credit card information and financial information were not included in the list.

Jane Lu's company, Showpo, claimed that the breach was discovered when at least 90 customers started receiving on October 29 unsolicited marketing material from the company's rival retail store. Based on MailChimp's history, Aroutunian's password was used to access client contact list on September 6. The email direct mail showed that the list was exported to the designer's home IP address.

Lu's company sought an order that the company should destroy or delete the client contact list. It was also seeking an order that its competitor should stop using the stylised W in its marketing. However, the court did not order the rival to amend its logos or its website.

Aroutunian was accused of allegedly breaching her contractual obligations. The documents in the court claimed that she profited or might profit from the alleged theft. Black Swallow chief executive Alex Baro denied that he offered payment to the designer in return for copying the client list.

Experts in information security and surveys showed the relevance of employees in data breaches. Managing director of the Information Security Forum Steve Durbin said that time has shown that majority of data breaches originated inside company walls. He said that employees and negligence were the leading causes of security incidents. However, he said that such negligence was the least reported issue.

Durbin said that companies should regularly re-evaluate the people who have the privileged in accessing the company's data. He said that security and trust supervision, appraisals and performance management should also be re-evaluated. He said that it would be useful if the company evaluated each stage of the employment life cycle. He said the company should consider what could be done to reduce risk and improve trustworthiness and what trust the organisation was placing in people.

The online retailing business selling fast and affordable fashion was on track to book $25 million in revenue for 2016. On the other hand, Black Swallow just launched 18 months ago was smaller than its rival.