The German sex toy retailer Amorelie is currently informing its customers about a security breach of which the company says it became aware at the end of November. While bank and credit card data were not affected, Amorelie admitted that the breach affected order data – names, addresses, e-mail addresses, purchased product, payment method – of customers as well as address data – names and e-mail addresses – from 2013 to May 2020. As soon as the leak became known, it was closed and reported to the relevant authorities.
Here is the message by Amorelie in its entirety:
Dear AMORELIE lover,
we hope that you and your loved ones are doing well in this still unusual and difficult time for all of us. We at AMORELIE are doing everything we can to continue to supply our customers with our products in order to provide a little diversion from everyday life.
A high degree of transparency towards our customers is also very important for us. We would therefore like to inform you about an IT security vulnerability that we became aware of on November 22, 2021, and which we immediately closed.
We would like to say one thing in advance: At the moment, there is no reason for you to worry; so far, there are no indications of a possible data misuse.
On Monday, November 22, 2021, we learned of an IT security vulnerability that could have allowed unauthorized access to data. We were able to close this vulnerability a few minutes after we became aware of it. We immediately reported the incident to the responsible data protection authority.
The incident affected order data (names, addresses, e-mail addresses, purchased product, payment method) of customers as well as address data (names and e-mail addresses) of registered users from 2013 to May 2020. Bank and credit card data were not affected. Unlawful access to this data cannot be completely ruled out at this point in time, but there are currently no indications of possible misuse. Since the IT security gap was closed, unauthorized access to the data is of course no longer possible. Our IT experts are continuing to work at full speed and with the support of an external IT consultancy to clarify the matter.
What should you do?
Since we cannot yet completely rule out unlawful access to the data, we ask you to carefully observe and inform us of any unusual occurrences that may indicate misuse of your data.
What does AMORELIE do to effectively protect your data?
The security of your data is our highest priority and we take this incident very seriously. We are working closely with the responsible data protection authority and an external IT consultancy on the comprehensive clarification. If it turns out that the data has been misused, we will do everything we can to prevent further possible misuse together with the authorities.
We assure you that we take all possible security measures to protect your data effectively. This applies both to the regular review and further improvement of our processes and security standards and, of course, to the ongoing training of our employees.
Do you have further questions?
We are here for you. If you have any further questions about this incident, you can contact us at any time using our contact form.
We are very sorry about the incident and assure you that the security of your data remains our top priority. Furthermore, we hope that you will remain a member of the AMORELIE Lover Community and that you will continue to enjoy our products and content!
Lots of love – Your AMORELIE Team