Kylie Cosmetics, the cosmetic company founded by Kylie Jenner of “Keeping Up with the Kardashians” fame, has disclosed that customer information was stolen as part of the data breach of Shopify last week.
Here is the statement posted on the www.kyliecosmetics.com web-site.
- What happened?
Kylie Cosmetics recently became aware of an information security incident suffered by our e-commerce vendor, Shopify. Although their investigation is ongoing, Shopify has shared that this incident involved two members of their customer support team that obtained transactional records related to certain merchants, including Kylie Cosmetics.
- Kylie Cosmetics is committed to protecting the security of our customers’ information and was deeply disappointed to learn that Shopify’s incident affected some of our customers. Upon learning of this incident Kylie Cosmetics promptly initiated an investigation into the incident and has communicated extensively with Shopify to learn more about what occurred. Shopify has informed us that it engaged an outside forensic investigation firm to assist them in investigating and remediating the situation and has reported the incident to the FBI and other international agencies and are working with law enforcement in their investigation of this incident.
- We recognize the importance of protecting the privacy and security of our guests’ information and we are continuing to work diligently with Shopify to get additional information about this incident and their investigation and response to this matter.
Relying on 3rd party vendors is just part of the modern e-commerce world. Firms build their e-commerce platforms with plug-ins, open source code, payment tools, hosting domains, servers etc. The list of potential partners is virtually endless.
Every element you add to your site, is potentially just another pathway for a hacker to access your customer information and even worse, on occasion hack your network. The problem with all these partners that need to be included into your web-site business is that they each increase your data security risk. Unfortunately, many web products have huge security gaps that are over-looked in the development process. Even if a gap is detected a patch can quite often take several months to arrive.
The Helix22 SDK is here to protect 100% against all platforms and any type of cyber attack.
Our Motto – In Math We Trust
Helix22 delivers security assurance due to our genius engineering team that has invented a new model for data security that required an innovative look at the problem. The approach we took was to protect the data itself. Almost all other data security products try to build a perimeter or being fanatic on user identification. However, when that security product is breached or a password is stolen, your firms data is in the clear.
You see, the Helix22 cryptography is embedded with the data itself through our inventive and patented process of DNA BindingTM. Therefore, even when a breach occurs the data cannot be exfiltrated. This means that all of Kylie’s Cosmetics information is 100% protected regardless of the type of attack.
A substantive benefit of the Helix22 SDK is that it protects data while at rest and in use. This is uniquely different than other products that only encrypt data while in transit. Kylie Cosmetics would have significant design, product research and Intellectual Property that would need to be protected. Even when substantive data is running on the cloud or new color palettes are being designed on someone’s laptop, all the data is protected. Of course, all communications are completely encrypted with multilayered packets that cannot be hacked. This combination of at rest, in use data protection and in transit communication makes data protection critical to companies that thrive on design and engineering. DNA BindingTM perfectly protects the data.
We can make this perfection claim as the tech engineers at BLAKFX invented and patented a genuine user2user (U2U) encryption. We manage data security transmission through the truly brilliant and also patented universal Helix22 key service. The Helix22 encryption originates on your network or device, not just when the app is opened. This means, that when data arrives to our key server, it is already encrypted so all it needs to do is issue another key. This key will then only work with the intended device, which generates a matching key required to open the data. In this protocol, we are truly a “zero-knowledge” server so your internal communications and transmissions remain completely top secret. Even in the highly unlikely event that BLAKFX were compromised, we only ever have access to the encrypted content…as that is literally all we have. Therefore, the attack would be useless. Helix22 also only use keys just one-time and then destroys them. This way the data security is future forward prefect. Therefore, in our unique user2user encryption (U2U) world, there is no opportunity ever for a data leak.
This same protocol just described, can be the same with all the 3rd party vendors and suppliers. It does not matter in the least what platform they are running or what device they are using or even the type of data, it is all 100% protected. We do however, strongly advise that all 3rd party firms involved in the e-commerce business be utilizing Helix22 due to the nature of the data content. If they are not, then your frims data can be exfiltrated from them. Helix22 can ensure that whatever data a 3rd party vendor is generating is protected as well. If they are not running Helix22, then there is potential for a breach with information they originate on their system or in the cloud.
Let’s take it a step further. Even if Kylie Cosmetics were a victim of an internal attack, corporate espionage or a victim of malicious open source downloads, there is no reason for concern. Any data that has been forwarded, downloaded, copied or saved cannot be exfiltrated. Period. We have the technology industries foremost data packets which are protected with multi-layered, military grade encryption algorithms that have already proven the ability to withstand penetration testing from MI5 and quantum computing attacks.
Our founders also founded Wickr, which is used by the US military and has never been hacked since its inception in 2012. Helix22 is several generations enhanced since then.
Finally, the Helix22 encryption is quantum computing ready so no need to redo all your data security methodologies in a couple of years when everything else becomes obsolete.
We like to refer to Helix22 as “22nd Century Data Security.”