Retail Cyber-Attacks Round-Up

May 31, 2017//Ellen Neveux

Last Updated: November 18, 2020

Almost one in three retailers have suffered a cyber-attack, according to this Retail Dive article.

If you thought 2016 was a bad year for retailers like Eddie Bauer, 2017 hasn’t even got started yet. The outdoor clothing and accessories retailer’s 350 stores fell victim to a POS malware attack last August. More than 2 million customers’ card details from retail stores in the US and Canada were compromised, as the payment systems were infected with data breach malware.

The revenue losses due to these kinds of cyber-attacks on retailers are still mounting – not to mention the costs associated with regulatory fines.

Last month, we reported on some major security breaches affecting retailers. Now, let’s take a look at a few more that have recently come to light.

Arby’s
In February, the fast food store experienced a breach at hundreds of its restaurants across the nation. They quickly contained and eradicated the malicious software that was installed on payment card systems, however, more than 350,000 credit cards were compromised.

Saks Fifth Ave
In March, Saks revealed its customers’ personal details on its website. Data for tens of thousands of customers was visible via a link on the department store’s website – including emails, phone numbers, and IP addresses. It’s still not certain how long the sensitive data was exposed on the site and whether hackers have stolen it for their own agendas.

Brooks Brothers
And earlier this month, the clothing store Brooks Brothers disclosed that an unauthorized individual accessed customers’ credit card information. The data breach compromised customer information after a malicious software was installed on their payment processing systems.

Keep your guard up
The key is to not let your guard down. Cyber-attackers are always looking for a way in. And that includes any access from your third-parties, contractors, partners, or vendors. As new retail technology transforms the buying experience, greater visibility is needed to understand who has access to your customers’ sensitive data.

It seems cyber-attackers are starting to shift their focus from big retailers to smaller franchised stores with more distributed IT infrastructures, according to this Experian article. The article states that a retail breach was among the 10 largest data breaches for all business categories in 2016.

Not only do retailers need to secure their network access to ensure only approved retail IT vendors can access their systems, they must monitor compliance with retail services such as PCI DSS, Visa, and MasterCard. The pressure is on retailers to record and review any activity while vendors are on their systems and to meet regulatory compliance.

With a secure remote access software solution, retailers can mitigate the types of compromises caused by systems with shared access and ensure access levels are tied to the task scope of individual users. With a purpose-built platform, it’s possible for retailers to deliver rapid, safe vendor access, track every system session, and gain proof of PCI compliance.

Read the full data breach Identity Force article.

Read more about a secure remote access software for retailers.

About SecureLink

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy, efficient, and ensures compliance and reduces liability when supporting customers.

Subscribe to the SecureLink Blog.
close close