Ticketmaster Breach Highlights Retailers' Dependence on Multitude of Service Providers
Early last month, it was disclosed that Ticketmaster suffered a data breach through a third party service provider as part of a payment card hacking campaign; Ticketmaster was just one of hundreds of victims. The threat actor, Magecart, compromised over 800 e-commerce sites by secretly installing digital card-skimming software on third-party components and services used by these retailers.
How Point of Sale Breaches Happen
In recent weeks, the security news has been dominated by announcements of data breaches resulting from Point of Sale (PoS) malware present on payment processing terminals. All 350 North American Eddie Bauer retail locations and 20 properties managed by HEI Hotels were affected while 3.7 million customer payment cards were compromised at cafes available at Banner Health facilities. Understanding how PoS malware campaigns work and the specific information targeted by attackers educates consumers about the danger that might be lurking on card readers at their local retailer. Increased awareness and adoption of secure payment solutions will increase overall security and reduce the costs and headaches attendant to fraud.
The Evolution of Vendor Risk in the Retail Industry
Last week, Walmart Canada, Rite-Aid, CVS, and Sam’s Club were among the retailers to suspend their online photo operations due to a possible data breach of third-party photo service provider PNI Digital (a Staples subsidiary). This is the latest cyber incident to affect the retail industry, which has witnessed a number of high-profile breaches involving third-party vendors in recent years.
Unfortunately, something ugly has tarnished the canvases of the artists and crafters who used their debit or credit cards to shop at Michaels from May 8, 2013 to January 24, 2014. In late January 2014, Michaels announced that it was investigating a potential security breach involving customers’ credit card information. After weeks of analysis, Michaels finally confirmed yesterday that a targeted attack did indeed occur on some of their point of sales systems and that approximately 2.6 million cards may have been compromised.

At BitSight, we have observed significant botnet activity on Michael’s network over the past year.  In particular, we observed multiple instances of Conficker, a botnet that can comp