Tag Archives: Nanette Lepore

Nanette Lepore, a New York-based fashion designer high end clientele, rapidly expanded to 10 boutiques in the United States, and one each in London and Tokyo. While the designer’s fashions were making a splash, network specialist Jose Cruz tells IncTechnology.com that the firm upgraded its firewall and network security in the wake of a hacker attack. Elizabeth Wasserman: How does a fashion house use IT? Jose Cruz: Until recently, we didn’t have much of an IT presence. When they brought me in, the company was growing pretty fast. The one thing that they seemed to overlook as the company was growing fast was their IT needs. My objective was to get them on a corporate e-mail system, lock down the network so it was not open to the world, and to implement security standards so that their intellectual data would be their intellectual data alone. Wasserman: Last year, you found out that hackers had compromised some of your customers’ credit and debit cards. What happened? Cruz: I got that call on a weekend. It was a frantic call from our store manager in our Las Vegas location. The FBI showed up and questioned what was going on. They said purchases had been made on credit cards belonging to our clients. We found out our point of sale systems had been compromised. These were in place long before I came on board. It was dated equipment and not up to the task. This was very disturbing to me as I had been auditing the main infrastructure in New York and hadn’t yet had time to see how the other locations operated. Wasserman: What did you do? Cruz: As soon as I got that call, I called up my support providers at Webistix. I’ve relied on them at times to tackle some situations I’ve never encountered before. This was something new for me. Webistix suggested that we get some SonicWALL firewalls in place. These are PCI compliant – they’re certified by the credit card bureau that puts standards in place for retailers. We got the SonicWALL TZ 180 in place. I immediately flew to Las Vegas and pulled the router offline. It looked as if someone had actually gone in and tampered with the firmware settings on it and pre-programmed it with a set of IP addresses unknown to us which meant it shouldn’t have been working but it was still allowing internet traffic to pass through or possibly piggy-back off of equipment that was capturing information. The FBI confiscated the equipment and we had to replace it all. We decided to harden everything through intrusion prevention, anti-virus prevention, and anti-spyware. We are now in a far better place than we used to be. Wasserman: Is it true that you had to shut down stores that weekend? Cruz: We shut the Vegas store immediately. It’s right there in the Caesar’s Palace mall and weekends are very busy. We also shut the two locations in Los Angeles. The location at Robertson in LA and the New York Broome Street location get extreme amounts of foot traffic coming in so we asked them to push off credit card transactions for the weekend, which of course affect business since almost all transactions are done credit card. We lost over a million dollars in business that weekend. The fear alone made Nanette consider closing stores in other areas around the U.S. over the weekend because they had the same legacy equipment. It was legacy equipment in place before I came on and before the company took experience a major growth spurt. When you think about what is going on, some of bigger retail chains have been affected in the same way on a grander scale, with thousands of their clientele level-three credit card information compromised. We’re just a small pea in a pod compared to those retailers for now. But, still, in a company in a growth mode, it’s scary to consider. If we were marching forward with technology in play that was dated and not up to the task, it could have been worse and we might have had more stores breached. Wasserman: Have you had any intrusions since? Cruz: No, we haven’t seen any intrusions since we installed the firewall. A lot of viruses have been blocked. A lot of spam bots have been blocked. I can now pull up this information with our global management system and monitor all our remote locations and get real-time feedback on the status of all our locations. We not only hardened our firewalls and locked down our systems and network but we also implemented security and group policies on our systems for our staff. This way, users are forced to log in before they can use any of our machines. And, depending up the group structure, they only have rights to do certain things on certain machines.