American retailer Guess discloses data breach after ransomware attack

Security Affairs

American clothing brand and retailer Guess discloses a data breach after the February ransomware attack and is notifying the affected customers. On July 9, 2021, the fashion retailer started sending notification letters to the individuals whose information may have been involved.

Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers

Threatpost

The copycat sites are using valid certificates to be more convincing.

Chilean-based retail giant Cencosud hit by Egregor Ransomware

Security Affairs

Chilean-based retail giant Cencosud has suffered a ransomware attack that impacted operations at its stores; Egregor ransomware appears to be involved. BleepingComputer was the first to confirm that the retail giant was hit by Egregor ransomware after it obtained the ransom note.

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

The Last Watchdog

Encryption agility is going to be essential as we move forward with digital transformation. All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end of the day, come down to protecting encrypted data. Now comes something called attribute-based encryption, or ABE, a new approach to encrypting data that holds the potential to infuse agility into how encryption gets done online.

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Krebs on Security

Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. and founded in 1856, privately-held Orvis is the oldest mail-order retailer in the United States. Encryption certificates.

Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach

Security Affairs

Retail giant Home Depot has agreed to a $17.5 The US largest home improvement retailer giant Home Depot agrees to $17.5 According to the US retailer the payment card information of approximately 40 million Home Depot consumers nationwide.

Retailers Face Many Challenges, Data Security Doesn’t Have to be One of Them

Thales Cloud Protection & Licensing

Retailers and shoppers are leveraging and enjoying many benefits data sharing brings: loyalty programs, personalized experiences, easier product location and ordering, online shopping, mobile access and the list goes on. Competition is one of many challenges retailers face and while that’s nothing new, the data-driven approach online and brick-and-mortar merchants use today is evolving quickly with transformative technology capabilities. Business is booming and data is flowing.

Are Data Breaches the New Reality for Retail?

Thales Cloud Protection & Licensing

As digital transformation takes hold, the retail industry is under siege from cyber criminals and nation states attempting to steal consumers’ personal information, credit card data and banking information. While retailers digitally transform their businesses to better serve the higher demands of their customers, they’re being challenged with safeguarding personal data to protect customers, partners and suppliers’ critical information.

Retail has a multi-cloud problem…with sensitive data

Thales Cloud Protection & Licensing

Digital transformation (DX) is fundamentally impacting all aspects of the economy across every industry, and nowhere is this truer than in retail. DX technologies such as cloud, mobile payments, IoT, Big Data and others have fundamentally changed retailers’ business models, not only by opening new channels to reach customers, but also in how they communicate with, serve, and support them. Encryption technologies are the top tools needed.

It’s time to think twice about retail loyalty programs

Thales Cloud Protection & Licensing

As I was starting to write this blog, yet another retail program data breach occurred, for Marriott’s Starwood loyalty program. What I’d originally planned to write about was a topic that directly applies – why retailers of all stripes are not investing in data security. But none of these reasons rose to the top in retail. Is it that too many retailers have looked around at other retailers with recent breaches, and noticed no shortage of customers?

Calculating the Benefits of the Advanced Encryption Standard

Schneier on Security

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. And I certainly agree that the benefits of a standardized encryption algorithm that we all trust and use outweigh the cost by orders of magnitude.

Point-of-Sale (POS) Security Measures for 2021

eSecurity Planet

It’s a tough time to be a retailer. Using POS devices for other tasks: Carson said retailers too often allow users to leverage POS systems for common tasks like checking email or surfing the Web.

Data: E-Retail Hacks More Lucrative Than Ever

Krebs on Security

Traditionally, the average price for card data nabbed from online retailers — referred to in the underground as “CVVs” — has ranged somewhere between $2 and $8 per account. In contrast, the value of “dumps” — hacker slang for card data swiped from compromised retail stores, hotels and restaurants with the help of malware installed on point-of-sale systems — has long hovered around $15-$20 per card.

The Countdown to Black Friday Has Begun. Are Retailers and Consumers Ready?

Thales Cloud Protection & Licensing

So before the shopping frenzy begins, we thought this would be an opportune time to outline some best practices that both retailers and consumers should follow in order to protect consumer data. Customers are expecting more and more when it comes to their shopping experience, and this holiday season will push the envelope as retailers are making brick-and-mortar stores more digital and connected while offering online shoppers an in-store experience.

Forever 21 Found Malware and Encryption Disabled on its PoS Devices

Dark Reading

The retailer found signs of unauthorized access and malware installed on point-of-sale devices during an investigation into last year's data breach

UK ICO Issues Unprecedented Fine Against Mobile Phone Retailer for Lax Security

Hunton Privacy

On January 8, 2017, the UK Information Commissioner (“ICO”) issued an unprecedented monetary penalty of £400,000 against British mobile phone retailer, The Car Phone Warehouse Limited. the encryption keys for historical transactions were not stored safely.

Neiman Marcus Settles Lawsuit Over Payment Card Breach

Data Breach Today

Agreement With 43 States Requires Retailer to Use Encryption, Tokenization

Forty-three states have reached a settlement with Neiman Marcus over its 2013 data breach, one of several breaches from that period blamed on in-memory malware. The retailer will pay $1.5 million and must use encryption and tokenization to protect card data.

The importance of encryption in complying with Australia’s Privacy Amendment Act

Thales Cloud Protection & Licensing

Around the same time, US fashion retailer Forever 21 admitted that hackers had collected customers’ credit card information from its stores’ point of sale terminals over much of 2017, and the information of nearly 1.2 One thing all of these incidents have in common is how accessible the leaked information was after the breaches themselves occurred, something that could have been avoided had the data been encrypted.

Adidas data breach

IT Governance

In its statement, Adidas said: “According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords. If you would like more information on how to do this, request a call with one of our retail experts. On 28 June 2018, athletic apparel company Adidas announced that its US website had suffered a data breach, exposing online customers’ personal data. The breach was detected on 26 June.

Marriott Starwood hack affects 500 million customers

IT Governance

Encrypted payment card numbers. Hotel giant Marriott has confirmed that its Starwood Hotels & Resorts guest reservation database has been hacked by an unauthorised party. Affecting 500 million people, the vast hack has exposed a considerable amount of data including: Names. Phone numbers. Passport numbers. Payment card expiration dates.

Dixons Carphone: 5.9 million payment cards compromised

IT Governance

At this point, the major consumer electronics retailer said there was no evidence of any fraud. The retailer’s chief executive, Alex Baldock, has apologised for the data breach and admitted that the firm has failed its customers. This isn’t the first time that the retailer has suffered a data breach. The data accessed included names, addresses, dates of birth, email addresses and bank details, as well as the encrypted card details of 90,000 people.

FIFA caught hook, line and sinker in phishing attack

IT Governance

While many of us can appreciate his perspective, the fact remains that there are effective tools and systems that organisations can employ to reduce the risks when sharing information, such as encryption, password controls and permissions settings. Football world-governing body FIFA has admitted that its systems suffered a sustained phishing hack earlier this year.

Safely adopting technology in the hospitality industry

IT Governance

They also offer other compelling benefits, such as unlimited data storage, encryption, technical support and reduced demand for internal hardware. The hospitality sector has embraced consumer-facing technology.

Sailing the cyber security waves

IT Governance

This could include: Staff training; Limiting user privileges; Keeping systems up to date; Implementing encryption methodologies; and. Ships have experienced a digital transformation in recent years. New technologies are helping them navigate the waters and ensure that everyone on board experiences the connectivity and convenience they expect.

Retailers must upgrade online credit card processing security by June 30

Data Protection Report

By June 30, 2018, retailers accepting digital (online) credit card transactions must cease using encryption protocols known as SSL or TLS 1.0. Retailers must transition to TLS 1.1 Encryption protocol TLS 1.0 so upgrading encryption may involve more than a quick protocol fix. The PCI Security Standard Council has offered guidance on moving to higher encryption protocols, including an infographic.

Experts report a rampant growth in the number of malicious, lookalike domains

Security Affairs

Cyber security firm Venafi announced it has uncovered lookalike domains with valid TLS certificates that appear to target major retailers. Ahead of the holiday shopping season, security experts from Venafi conducted a study of typosquatted domains used to target 20 major retailers in the United States, the United Kingdom, Australia, Germany, and France. Over half (60%) of the look-alike domains studied use free certificates from Let’s Encrypt.

Robot receptionists aren’t the answer: Why the hotel industry should rethink its approach to smart technology

IT Governance

For example, 29% of hotels didn’t encrypt initial links containing booking IDs and references to customers, which could enable crooks to eavesdrop and steal these details. The hospitality sector has been clamouring for technological innovation recently, with organisations eager to find novel ways to improve the customer experience. You might have heard about Connie, a Watson-enabled robot concierge that’s been introduced at the Hilton in McLean, Virginia.

Morrisons loses data leak appeal

IT Governance

Not only do systems typically encrypt data during the transfer process, but permissions-based data access ensures that: only those who are meant to access the data do; there are records of data activity; and there is a reduced risk of loss or misuse as the data won’t be stored inappropriately or insecurely.

Clop Ransomware gang claims to have stolen 2 million credit cards from E-Land

Security Affairs

E-Land Retail suffered a ransomware attack; Clop ransomware operators claim to have stolen 2 million credit cards from the company. E-Land Retail is a South Korean conglomerate headquartered in Changjeon-dong Mapo-gu Seoul, South Korea.

Addition to Washington Breach Law Imposes Retailer Liability in Payment Card Breaches

Hunton Privacy

For example, there is no liability if the account information was encrypted at the time of the breach. Under a Washington law effective July 1, 2010, certain entities involved in payment card transactions may be liable to financial institutions for costs associated with reissuing payment cards after security breaches. Designed to encourage the reissuance of payment cards as a means of mitigating harm caused by security breaches, Washington H.B.

Data Stewards, Say Goodbye to Painful, Rules-based Matching.

Reltio

You can generate on demand with background re-encryption of data using the new keys or automatically, according to a schedule. Bring on the data and teach the machine to make your life easier. Too much data, too little time! Today’s data management problem is not one of lack, but that of excess.

The Future of Payments Security

Thales Cloud Protection & Licensing

The Verizon DBIR 2020 report indicates that financially motivated attacks against retailers have moved away from Point of Sale (POS) devices and controllers, towards web applications. Figure 1: Web application breaches in the Retail industry. Encryption.

Report Shows Major Security Holes in Banking Apps

Adam Levin

The analysis was conducted by the Aite Group, which looked at mobile apps in eight categories: retail banking, credit cards, mobile payment, healthcare savings, retail finance, health insurance, auto insurance and cryptocurrency. Other findings included improperly secured database commands (capable of allowing man-in-the-middle attacks), weak encryption, and the ability to reverse-engineer the app code into a readable format.

IoT Devices a Huge Risk to Enterprises

eSecurity Planet

That said, it was devices like 3D printers, data collection terminals and geolocation trackers in such segments as manufacturing and retail that generated 59 percent of the transactions from IoT devices.

Ransom Gangs Emailing Victim Customers for Leverage

Krebs on Security

The message above was sent to a customer of RaceTrac Petroleum, an Atlanta company that operates more than 650 retail gasoline convenience stores in 12 southeastern states.

Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

Krebs on Security

But typically, such breaches occur when cybercriminals manage to remotely install malicious software on a retailer’s card-processing systems. “These locations have different point-of-sale systems than those located at our grocery stores, drugstores and inside our convenience stores, which utilize point-to-point encryption technology for processing payment card transactions,” Hy-Vee said. “This encryption technology protects card data by making it unreadable.

QakBot Big Game Hunting continues: the operators drop ProLock ransomware for Egregor

Security Affairs

This ransomware strain emerged in September 2020, but the threat actors behind already managed to lock quite big companies, such as game developers Crytek, booksellers Barnes & Noble, and most recently a retail giant Cencosud from Chile. of victims) and Retail (14.5%).

GUEST ESSAY: 3 key ingredients to stress-free compliance with data handling regulations

The Last Watchdog

Encryption provides an extra layer of security and control over your data, as well as the systems holding and transmitting your data. This enables regulatory compliance with HIPAA for healthcare organizations, PCI DSS for retailers, and other regulations. Data encryption also allows your employees to continue sharing files through familiar systems like email. For complete control of your encrypted data, you must have sole access to your encryption keys.

REvil gang exploited a zero-day in the Kaseya supply chain attack

Security Affairs

“We are tracking ~30 MSPs across the US, AUS, EU, and LATAM where Kaseya VSA was used to encrypt well over 1,000 businesses and are working in collaboration with many of them.

MY TAKE: Why the next web-delivered ad you encounter could invisibly infect your smartphone

The Last Watchdog

The tech titans have swelled into multi-billion dollar behemoths by myopically focusing on delivering targeted online advertising, in support of online retailing. Cybercriminals have begun escalating their efforts to bend the legitimate online advertising and retailing fulfillment ecosystem to their whims. Hark back two decades, Olson says, and the software that website publishers deployed to conduct online advertising and retail transactions was 80 percent homegrown.
