How Not to Acknowledge a Data Breach

Krebs on Security

I’m not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach. But occasionally I feel obligated to publish such accounts when companies respond to a breach report in such a way that it’s crystal clear they wouldn’t know what to do with a data breach if it bit them in the nose, let alone festered unmolested in some dark corner of their operations.

Target Sues Insurer Over 2013 Data Breach Costs

Data Breach Today

Lawsuit Claims Insurer Owes Retailer for Coverage of Card Replacement Costs. Target has filed a lawsuit against its long-time insurer, ACE American Insurance Co., in an attempt to recoup money it spent to replace payment cards as part of settlements over the retailer's massive 2013 data breach. Find out how much money the company is seeking

Staples discloses data breach exposing customer order data

Security Affairs

Giant office retail company Staples disclosed a data breach in which threat actors accessed some of its customers’ order data. The office retail giant sent out a data breach notification letter to the impacted customers; the incident took place around September 2.

Magecart Hits Macy's: Retailer Discloses Data Breach

Dark Reading

The retail giant discovered malicious code designed to capture customer data planted on its payment page

Are Data Breaches the New Reality for Retail?

Thales eSecurity

As digital transformation takes hold, the retail industry is under siege from cyber criminals and nation states attempting to steal consumers’ personal information, credit card data and banking information. While retailers digitally transform their businesses to better serve the higher demands of their customers, they’re being challenged with safeguarding personal data to protect customers, partners and suppliers’ critical information.

How data breaches are affecting the retail industry

IT Governance

Data breaches. What steps will the ICO (Information Commissioner’s Office) take to ensure organisations comply with the recently enforced GDPR (General Data Protection Regulation)? How will customers, suppliers and partners react to organisations that suffer a breach? Only time will tell – and we may not have to wait long – but in the meantime, what is the impact of data breaches in the retail industry, and what needs to be done to mitigate them?

SHEIN Data breach affected 6.42 million users

Security Affairs

Another fashion retailer suffered a data breach, the victim is SHEIN that announces the security breach affected 6.42 The retailer hired a forensic cybersecurity firm as well as an international law firm to investigate the security breach. The online fashion retailer announced a security breach last week, according to the firm the attackers carried out “a sophisticated criminal cyberattack on its computer network.”

Wawa Data Breach: Malware Stole Customer Payment Card Info

Threatpost

Wawa said that payment-processing system malware had potentially affected all 850 of its locations.

Customers lose confidence – data breaches aren’t just about fines

IT Governance

A recent survey by Ping Identity shows that customers move away from brands that have suffered data breaches. Data breaches are now a common occurrence – big-name brands affected in 2018 include FIFA, British Airways, Vision Direct, Eurostar and Marriott. It is essential for organisations of all types and sizes to do their absolute best to reduce the risks of a data breach. Following a data breach, 78% of people would stop engaging with a brand online.

List of data breaches and cyber attacks in June 2020 – 7 billion records breached

IT Governance

The first half of 2020 ended on a familiarly bad note, with 92 security incidents accounting for at least 7,021,195,399 breached records. The only saving grace for the organisation – which didn’t do itself any favours by initially denying the story and threatening to sue people who reported on it – is that the leaked database comprised a list of records from past data breaches. You can take a look at every data breach and cyber attack that we recorded in June in this blog.

BA data breach: 565,000 customers may have been affected

IT Governance

In September, British Airways announced it had suffered a data breach that compromised the personal and financial data of more than 380,000 customers. The incident is still being investigated by the National Crime Agency and National Cyber Security Centre, with a skimming script that scraped data from online payment forms thought to be the cause. Is your organisation prepared for a data breach?

Canada's Fitness Depot Alerts Customers to Data Breach

Dark Reading

The retailer reports cybercriminals infected its online store and used a fraudulent form to steal shoppers' information

E-Skimming Strikes Again: Macy’s Confirms Magecart Data Breach

Adam Levin

Macy’s has informed customers of an e-skimming data breach following the discovery of Magecart malware on its website. In a letter to affected customers, the retailer said that it had detected malware on its e-commerce website on October 15 and that it had been active for a little over a week. Magecart attacks are a growing threat to online retailers and e-commerce sites, where rogue code is inserted into sites to “skim” customer card information.

3 ways a data breach can occur

IT Governance

We’ve talked a lot recently about the financial effects of data breaches and how you should respond to incidents, but that still leaves the question of how data breaches occur. This blog looks at some real-world examples of some of the most common causes of data breaches and explains how they occurred. It lost three months’ worth of data as a result, but there was no guarantee that the crooks would keep their word and return the information.

List of data breaches and cyber attacks in March 2020 – 832 million records breached

IT Governance

With organisations across the globe turned upside down by the COVID-19 pandemic, there has never been a worse time to suffer a data breach or cyber attack. However, it bears reminding that most breaches take 100 days or more to be discovered, so we could be seeing the effects of the coronavirus for months after our everyday lives get back to normal. Australia’s Defence Force Recruiting systems were taken offline after security breach (unknown).

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Krebs on Security

Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. and founded in 1856, privately-held Orvis is the oldest mail-order retailer in the United States. Data backup services.

Adidas data breach

IT Governance

On 28 June 2018, athletic apparel company Adidas announced that its US website had suffered a data breach, exposing online customers’ personal data. The breach was detected on 26 June. In its statement, Adidas said: “According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords. If you would like more information on how to do this, request a call with one of our retail experts.

Heathrow Airport fined £120,000 for data breach

IT Governance

The ICO (Information Commissioner’s Office) has fined Heathrow Airport £120,000 for failing to secure sensitive personal data after a member of public found an unencrypted USB stick containing data about the airport’s staff. This data was “erroneously captured” during a three-second portion of the video, when a page from an open ring binder containing the information briefly appeared on screen. How did the data breach occur?

US-based children’s clothing maker Hanna Andersson discloses a data breach

Security Affairs

The US-based children’s clothing maker Hanna Andersson has disclosed a data breach that affected its customers. The US-based children’s clothing maker and online retailer Hanna Andersson discloses a data breach, attackers planted an e-skimmer on its e-commerce platform. Like other Magecart attacks, crooks compromised the online store and injected a JavaScript code into checkout pages to steal payment data while users were making purchases.

Morrisons heads to the Supreme Court over data breach

IT Governance

The Supreme Court has given Morrisons permission to appeal a ruling that found the supermarket liable for a data breach caused by a malicious insider. Morrisons has lost two cases related to its March 2014 data breach, in which Andrew Skelton, a senior internal auditor at the supermarket’s Bradford office, leaked the payroll data of 99,998 employees. Skelton was arrested soon after leaking the data and in July 2015 was sentenced to eight years in prison.

Freedom Mobile data breach impacts at least 15,000 customers

Security Affairs

Canadian Freedom Mobile mobile network operator exposed the details of many customers, including their payment card data. Exposed records include email addresses, phone numbers, home addresses, dates of birth, IP addresses associated with payment methods, credit scores (from Equifax and other companies), unencrypted payment card data with CVV codes, locations, and other customer service records, and account details. All the data was encrypted.

70,000 affected in B&Q data breach

IT Governance

Home improvement retailer B&Q has suffered a data breach affecting 70,000 of its… well, not customers, exactly. The breached database contained a list of people who had been caught stealing products from B&Q stores. As the data contains alleged criminal records, it could be considered sensitive information under the GDPR (General Data Protection Regulation). How did it inform the data subjects that their data was being processed?

Retail in 2019 needs security precautions

Thales eSecurity

As the retail industry follows suit with today’s digital transformation, customer expectations are at an all-time high. Retailers are looking to address these demands with interconnected experiences to give customers more personalized and immediate experiences both in-stores and online. They might at first glance, but retailers are now exposing themselves to a whole host of security risks as these connected shopping technologies evolve.

Dickey’s BBQ Breach: Meaty 3M Payment Card Upload Drops on Joker’s Stash

Threatpost

After cybercriminals smoked out 3 million compromised payment cards on the Joker’s Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.

List of data breaches and cyber attacks in October 2019 – 421 million records breached

IT Governance

In a month where security experts across Europe were boosting awareness of cyber security, organisations had mixed results in their own data protection practices. On the one hand, the 421,103,896 data records that were confirmed to have been breached in October represents about 50% of the monthly average. It was also a particularly bad month for the UK, with 9 confirmed breaches. Comodo Forums users told that their data has been stolen and traded online (170,000).

Has the cause of the BA data breach been identified?

IT Governance

The latest news reports claim that the cause of the data breach has been identified by a RiskIQ researcher, who has analysed the code from BA’s website and app. They say that there is evidence of a “skimming” script designed to scrape data from online payment forms. RiskIQ adds that it has been able to identify 22 lines of modified JavaScript that grabbed data from BA’s online payment form and sent it to the criminal hackers’ server as soon as the customer clicked ‘submit’.

Retailers increase cyber security spending, but attacks continue to rise

IT Governance

The UK’s biggest retailers are spending more than ever on cyber security but are continuing to see an alarming rise in cyber attacks and data breaches due to the ever-evolving threat landscape, a report has found. According to The British Retail Consortium’s 2019 Retail Crime Survey, large organisations invested £162 million in cyber defences in the 2017–18 financial year, an increase of 17% on 2017. Are retailers investing wisely?

Superdrug’s customers affected in data breach

IT Governance

Yesterday evening, Superdrug contacted its customers about a data breach affecting a reported 20,000 individuals. Were they breach ready? As we often say, all organisations should prepare themselves for a data breach. Their statement also makes no comment about informing the ICO (Information Commissioner’s Office) about this data breach.

Multiple Retailers Sued Under CCPA for Sharing Data Used to Identify Fraudulent Returns

Hunton Privacy

Earlier this year, The Retail Equation, a loss prevention service provider, and Sephora were hit with a class action lawsuit in which the plaintiff claimed Sephora improperly shared consumer data with The Retail Equation without consumers’ knowledge or consent.

Prompt notification would ease pain of data breaches, survey reveals

Information Management Resources

At the same time, consumers hold banks to tougher disclosure standards than government agencies, health care organizations and retailers, according to Experian.

List of data breaches and cyber attacks in November 2019 – 1.34 billion records breached

IT Governance

It was a big month for data breaches this month, with a confirmed 1,341,147,383 records being exposed in 87 incidents. Here is a full list of data breaches in November – as always, those affecting the UK are listed in bold. James Fisher and Sons says no data was lost in cyber attack (unknown). Perth Anaesthetic Group breached as hackers break into database (unknown). Brooklyn Hospital Center couldn’t recover data after malware attack (unknown).

Malware on SHEIN Servers Compromises Data of 6.4M Customers

Threatpost

A data breach targeting women's apparel giant SHEIN occurred between June and August 2018.

Breach at Dickey’s BBQ Smokes 3M Cards

Krebs on Security

KrebsOnSecurity has learned the data was stolen in a lengthy data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country. Q6Cyber CEO Eli Dominitz said the breach appears to extend from May 2019 through September 2020.

How the PSD2 helps prevent payment card data breaches

IT Governance

We provide guidance and solutions to help keep your data secure and respond quickly in case disaster strikes. On 14 September 2019, the PSD2 (Second Payment Services Directive) will take effect, overhauling the way people pay for goods and services across the EU.

Dixons Carphone reveals data breach affecting 5.9 million customers

The Guardian Data Protection

Consumer electronics retailer apologises and says there is currently no evidence of fraud. Dixons Carphone has revealed a major breach of data involving unauthorised access to 5.9 The consumer electronics retailer said it had detected an attempt to compromise the cards in a processing system at Currys PC World and Dixons Travel, but said there was no evidence of any fraud as a result of the incident.

Forever 21 Informs Shoppers of Data Breach

Dark Reading

Forever 21 learned an unauthorized actor may have accessed payment card data at certain retail stores

Online Retailer LightInTheBox exposes unsecured DB containing 1.3TB of web server logs

Security Affairs

LightInTheBox is a Chinese online retailer trading on the New York Stock Exchange, most of its customers are in North America and Europe. The data leak was discovered by VPNmentor in late November, data in the archive was “unsecured and unencrypted”, and accessible from anyone via a web browser. “Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentor’s research team discovered a leak in a database belonging to the online retailer LightInTheBox.”

Retailers Face Many Challenges, Data Security Doesn’t Have to be One of the Them

Thales eSecurity

Business is booming and data is flowing. Retailers and shoppers are leveraging and enjoying many benefits data sharing brings: loyalty programs, personalized experiences, easier product location and ordering, online shopping, mobile access and the list goes on. Unfortunately, this results in retailers as a top target for cyberattacks. According to the 2019 Thales Data Threat Report – Retail Edition, nearly two thirds (62%) of U.S.

International clothing chain C&A in Brazil suffered a data breach

Security Affairs

The clothing chain C&A in Brazil suffered a cyber attack on its gift card/exchange system last week, hackers leaked data on Pastebin. The International fashion retail clothing chain C&A in Brazil suffered a data breach, the company confirmed hackers hit its gift card platform. A member of the Fatal Error Crew hacker group that use the moniker @joshua has published on Pastebin the data from C&A customers who purchased gift cards online.

Dixons Carphone faces £400m fine following biggest online data breach in UK history

IT Governance

Little more than three years since its previous security incident, electronics retailer Dixons Carphone has admitted to a data breach compromising 5.9 million personal records – making it the biggest online data breach in UK history. In a statement released on Wednesday, the retail giant revealed it had identified the colossal breach while it was reviewing its systems and data.