{"id":36520,"date":"2024-12-02T00:05:27","date_gmt":"2024-12-01T23:05:27","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=36520"},"modified":"2024-12-02T02:09:34","modified_gmt":"2024-12-02T01:09:34","slug":"stiga-data-leak-garden-and-sport-tools","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/12\/02\/stiga-data-leak-garden-and-sport-tools\/","title":{"rendered":"STIGA data leak (garden and sport tools)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Security (Pexels, general use)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Security (Pexels, general use)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2024\/12\/02\/datenschutzvorfall-bei-stiga-gartengeraete\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]The company STIGA, active as a supplier in the field of robotic lawnmowers, gardening equipment and sporting goods, has suffered a data protection incident. A reader had made enquiries and received confirmation from the provider. Customer data has been leaked and is now being offered on the Darknet.<br \/>\n<!--more--><\/p>\n<h2>Who is STIGA?<\/h2>\n<p>Stiga S.p.A., referred to here as STIGA, is a manufacturer of garden tools and sports products based in Castelfranco Veneto, Italy.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"\" src=\"https:\/\/i.postimg.cc\/Pq1BX9cb\/image.png\" alt=\"STIGA equipment\" width=\"496\" height=\"309\" \/><\/p>\n<p>On the company's website, for example, you can find out that STIGA manufactures autonomous robotic mowers and lawn tractors. 
The group also offers tennis rackets.<\/p>\n<p>The company was founded in Sweden in 1934 and was independent until 2000. In 2000, it became part of the Global Garden Products (GGP) group, although the Stiga name was retained as a trademark.<\/p>\n<p>After changing its name to Stiga Group and relocating its headquarters to Italy, the company now employs 1,750 people and has an annual turnover of around 500 million euros.<\/p>\n<h2>A reader's tip<\/h2>\n<p>A reader who does not wish to be named contacted me by email on November 27, 2024. He wrote that he had been informed via Google that there had been a data breach at STIGA. He mentioned that the company STIGA sells garden machinery, garden tools and sporting goods. The reader did not provide any details about the Google find, but wrote that he had received information along the lines of: \"STIGA. Your data has been exposed due to a data breach and was found on the dark web on 08. Nov. 2024.\"<\/p>\n<h2>Asked STIGA<\/h2>\n<p>The reader then contacted STIGA by email and received an answer. The company confirmed a data breach.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i.postimg.cc\/B6k2nSzt\/image.png\" alt=\"STIGA data protection incident\" width=\"640\" height=\"208\" \/><\/p>\n<p>On September 24, 2024, STIGA IT staff discovered that an unauthorized third party had penetrated the system. The intruder had obtained the access credentials from one of STIGA's suppliers. It remains unclear to me why a supplier can access customer data &#8211; in other words, the attacker was probably able to access other data in the network once he was in the system.<\/p>\n<p>In any case, customer data has been stolen and is now being offered on the Darknet. 
STIGA writes that the affected data includes first name, surname, billing and delivery address, e-mail, telephone number and order data that customers have transmitted via the Internet.<\/p>\n<p>No sensitive information such as financial data, payment details or credit card information is said to have been leaked. I consider the statement that no special categories of personal data relating to health, racial or ethnic origin, political or religious beliefs, etc. were compromised to be bullshit bingo. The GDPR does recognize these categories, but I was not previously aware that I had to provide STIGA with information about my health, race or religious beliefs when I wanted to buy a lawn mower.<\/p>\n<p>The reader writes that it is surprising that customers were not informed immediately, but apparently only on request. As the reader bought equipment from Stiga, all his data is now on the Darknet. He finds this justifiably bad, and unfortunately the \"immediate measures taken\" no longer help him personally.<\/p>\n<h2>Notification from STIGA<\/h2>\n<p>Here is the notification from STIGA, translated from the German original.<\/p>\n<p>What happened: On September 24, STIGA's ICT team detected a breach affecting our systems. Improper use of credentials assigned to one of our suppliers led to unauthorized access and a temporary dissemination of some of your data.<\/p>\n<p>Which personal data was affected: The data affected by the security breach includes first name, surname, billing and delivery address, e-mail, telephone number and order data that were transmitted to us via the Internet. Neither sensitive information such as financial data, payment details or credit card information, nor special categories of personal data such as data on health, racial or ethnic origin, or political or religious beliefs, are at risk.<\/p>\n<p>What we are doing:<\/p>\n<ul>\n<li>We took immediate action to secure our systems and prevent any further unauthorized access or dissemination (e.g. blocking the compromised account and changing the passwords of other accounts).<\/li>\n<li>We carried out the necessary checks, which confirmed that only the personal data described above is affected and that no other systems or databases were compromised.<\/li>\n<li>Our team is actively working with external experts to ensure that the problem is fully resolved.<\/li>\n<li>We have notified the data protection supervisory authority and filed a report with the law enforcement authorities.<\/li>\n<\/ul>\n<p><strong>What are the possible consequences?<\/strong><\/p>\n<p>Due to the low sensitivity of the affected data, we do not expect any serious consequences as a result of the breach. Nevertheless, the risk of identity theft or misuse of your data cannot be completely ruled out.<\/p>\n<p>What you can do: We recommend the following measures to protect your data:<\/p>\n<p>1. Monitor your accounts: Please monitor all relevant accounts for suspicious activity.<br \/>\n2. Be wary of phishing or fraud attempts: Be cautious with unsolicited messages asking for your personal data (e.g. by always verifying the sender's identity), and do not click on suspicious links.<br \/>\n3. Change your online credentials if they can easily be derived from the personal data listed above. In any case, we confirm that no data or information relating to your credentials is affected by the breach.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The company STIGA, active as a supplier in the field of robotic lawnmowers, gardening equipment and sporting goods, has suffered a data protection incident. A reader had made enquiries and received confirmation from the provider. Customer data has been leaked &hellip; <a href=\"https:\/\/borncity.com\/win\/2024\/12\/02\/stiga-data-leak-garden-and-sport-tools\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-36520","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/36520","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=36520"}],"version-history":[{"count":6,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/36520\/revisions"}],"predecessor-version":[{"id":36526,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/36520\/revisions\/36526"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=36520"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.
com\/win\/wp-json\/wp\/v2\/categories?post=36520"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=36520"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}