We became aware of a data security incident involving your personal data. The incident did affect your contact information and credit card data.
In order to protect yourselves from possible adverse consequences of the data theft we recommend you contact your bank or credit card provider immediately and follow their advice. Please find below further details on the incident and measures you may take in order to mitigate risks resulting from this incident.
What happened and which personal data is affected
We are investigating, as a matter of urgency, the theft of customer / credit card data between 20:52 CET March 30 2019 until 14:30 CET March 31 2019 from our website, www.tally-weijl.com.
A malware code was attached to our checkout process that generated a fake input form. Users which started the checkout process in the aforementioned timeframe were asked to fill in this fake form. The fake form asked for the following information:
All customers which completed an order between 20:52 CET March 30 2019 and 14:30 CET March 31 2019 or which at least filled in the fake form by completing the first step of the checkout process are affected and their aforementioned data was disclosed to the attackers.
Any data collected by Tally Weijl before or after this timeframe was not affected by the incident. In particular, the attackers were not able to access any of the databases in which we store our customer data (i.e. order data).
As you made an online purchase on our Tally Weijl e-commerce platform in the aforementioned timeframe or at least completed the first step of the checkout process in that timeframe, you are affected by this security incident.
Potential consequences of the security incident and what you should do
There is a significant risk that the attackers may use your credit card data for fraudulent payments. As the attackers also obtained your contact information, identity theft (e.g. performance of fraudulent or otherwise illegal activities under your identity) is also a potential risk of this security incident.
Customers should also be aware that fraudsters may for example be claiming to be Tally Weijl or your bank/credit card provider and attempt to gather further personal information by deception (known as 'phishing'). Please note that we will not be contacting any customers asking for payment card details and that any such requests should be reported to the police and relevant authorities.
We therefore recommend the following actions:
Measures taken by Tally Weijl
We completely deleted the malware from our system. Our website is now working normally and safe.
Tally Weijl has notified the breach to the relevant supervisory authority.
We will now continue to investigate the incident in detail with the relevant law enforcement agencies in order to identify the attackers.
Furthermore, we will continue to further analyze the circumstances of the attack in order to evaluate whether further measures should be taken.
Will this affect any future purchases
The incident has been resolved and tally-weijl.com is working normally and safe so that future purchases will not be affected.
We also received all orders completed between 20:52 CET March 30 2019 and 14:30 CET March 31 2019. Should you have completed your order in this timeframe, we will regularly process your order.
In case of any further questions or concerns you can contact us directly via [email protected] or under the following address:
Tally Weijl Trading AG,
Privacy, Legal Service
You can also contact our designated representative in the EU under the following address:
Tally Weijl Retail Germany GmbH
Privacy, Legal Service
We take the protection of our customers’ data very serious. We understand that this incident will cause concern and we are very sorry for the inconvenience that this criminal activity has caused for you.