Ticketmaster Breach Highlights Retailers' Dependence on Multitude of Service Providers
Early last month, it was disclosed that Ticketmaster suffered a data breach through a third party service provider as part of a payment card hacking campaign; Ticketmaster was just one of hundreds of victims. The threat actor, Magecart, compromised over 800 e-commerce sites by secretly installing digital card-skimming software on third-party components and services used by these retailers.
How Point of Sale Breaches Happen
In recent weeks, the security news has been dominated by announcements of data breaches resulting from Point of Sale (PoS) malware present on payment processing terminals. All 350 North American Eddie Bauer retail locations and 20 properties managed by HEI Hotels were affected while 3.7 million customer payment cards were compromised at cafes available at Banner Health facilities. Understanding how PoS malware campaigns work and the specific information targeted by attackers educates consumers about the danger that might be lurking on card readers at their local retailer. Increased awareness and adoption of secure payment solutions will increase overall security and reduce the costs and headaches attendant to fraud.
The Evolution of Vendor Risk in the Retail Industry
Last week, Walmart Canada, Rite-Aid, CVS, and Sam’s Club were among the retailers to suspend their online photo operations due to a possible data breach of third-party photo service provider PNI Digital (a Staples subsidiary). This is the latest cyber incident to affect the retail industry, which has witnessed a number of high-profile breaches involving third-party vendors in recent years.
The Data Breach is Over... let the Phishing Begin!
Last week it was revealed that more than 53 million email addresses were stolen as part of the Home Depot breach discovered last September. Combined with the 76 million email addresses stolen in the JPMC data breach in June, we're talking about more than 125 million email addresses available for cyber criminals to use in highly targeted email phishing scams.