Data protection incident at camera specialists Calumet

The online platform of the retailer Calumet, which specializes in photography, has fallen victim to an IT incident. There were indications of this as early as the summer of last year, but Calumet has now admitted to the incident.

Calumet explains the IT incident on its website. “We would like to inform you that an unauthorized third party has gained temporary restricted access to a third-party system used by us. Therefore, there is a possibility that some contact data may have been affected by a data leak,” the company states. The vulnerability has since been closed. “Neither sensitive data, such as passwords, credit card details, or purchase information, nor communication content are affected.” Calumet is cooperating with the responsible Hamburg data protection authority.

Calumet has had its security measures reviewed and “additionally strengthened to protect all data even better in the future.” The company intends to personally contact affected individuals whose data was exfiltrated in the incident by January 10th via their registered email address.

Previous Indications

As early as the summer, there were indications that a data leak must have occurred at Calumet. Disposable email addresses used only there suddenly received spam messages. However, this is only a loose indicator, as cybercriminals could also have obtained the email address through an infostealer or by simply trying. As Calumet now states, it is “primarily about the email address you used for your inquiry to us and your name, if you provided it.” In the announced email to affected individuals, Calumet will specify exactly which personal data is affected in individual cases.

Calumet advises impacted individuals not to take any further action for now. However, they should be vigilant about suspicious emails or phone calls, as these could be fraud attempts such as phishing.

(dmk)