NA-KD Corporate Statement - Protection of Customer Data
16 October, 2020
We pride ourselves in always putting our customers first in everything we do, by being transparent in all matters ranging from sustainability to privacy.
Therefore, as a precautionary measure, we have contacted potentially affected customers to inform them that on October 2nd, NA-KD identified a data security incident on one of our servers. No payment details, passwords or social security numbers were affected as this information is not stored by NA-KD. Information which may have been affected includes customer details such as names, addresses, phone numbers, purchase history and email addresses. There is a likelihood that our immediate measures led to the incident being unsuccessful, but as a precaution we have decided to communicate to potentially affected customers proactively. While NA-KD is not legally obligated to inform customers of this incident, we wanted to be as transparent as possible, in line with our values.
Upon learning of the incident, immediate steps were taken to protect our customers. We swiftly isolated and closed down the incident. We immediately launched an investigation, engaging an established third-party cyber security and forensic expert to evaluate the incident. We have filed an initial police report and in accordance with the EU General Data Protection Regulation (GDPR) we have filed with the Swedish DPA (Datainspektionen), the lead supervisory authority pursuant to Article 56 of the GDPR.
We are not aware of any evidence indicating that the information within the affected server was misused. As always, we encourage our customers to be aware of potential scams that ask for personal or sensitive information. NA-KD will not contact its customers in any way to ask for their credit card number or any other sensitive personal information. If customers are asked for this information, they can be confident that this is not NA-KD asking, as we do not store passwords or payment details.
We understand that an incident like this is not what our customers should expect from us, and we are truly regretful for any inconvenience this situation might have caused. Our number one priority is our customers and the protection of their information.
We are implementing additional security measures to protect our customers’ privacy to make sure this type of incident does not occur again.