A jewelry shop may have opened a backdoor that allowed thieves to login and use accounts with no authentication at all, according to federal prosecutors.
In addition, the shop’s managers allegedly allowed their employees to login into the shop without providing proper credentials, prosecutors said in a court filing.
In response to a lawsuit filed by the Justice Department last week, the jewelry shop owners allegedly admitted to not properly securing the shop, but said they have been cooperating with the investigation.
“In our view, it is clear that the defendants did not do anything wrong, but rather allowed their shop to be used for criminal purposes,” U.S. Attorney David L. Bowles said in court filings.
Bowles added that the shop owners have cooperated with investigators, and will continue to do so.
The alleged breach was discovered last fall, the Justice and Treasury departments said in their court filings last week.
The owners are now facing criminal charges of wire fraud, conspiracy, money laundering and unauthorized access to a protected computer.
The investigation is continuing.
The U.K.-based jeweler Henne Jewelers is the latest to come under scrutiny in the past few years.
In 2013, an online marketplace that sells jewelry and watches was hacked and sold to a hacker who was able to access customer credit card data and then sell it to third parties.
In 2016, the same company was hit with a lawsuit for allegedly allowing a customer to use its website to make purchases without authentication, and in 2017, an employee was charged with selling stolen credit card information.