Retailers favorite targets of hackers
Source: Lorraine Mirabella
Target, eBay, Michaels Stores, Neiman Marcus, P.F. Chang’s and SuperValu, the parent of Shoppers Food & Pharmacy. It reads like a who’s who of American retail and dining, but it’s also a list of companies that lost customer data to cyberattacks in the past year.
Data thieves are striking with alarming frequency and, more and more, security experts say, they go after the places where people shop.
The swipe of a credit card, the wave of a mobile phone at Starbucks, logging into retailers’ sites via Wi-Fi ― increased connectivity, from mobile devices to cloud computing, has opened the door wide for cybercriminals.
Reports of data breaches, relatively rare even five years ago, now crop up constantly. Cyberattacks are growing in size, too, with tens of millions of consumers potentially facing the prospect of their identities or credit- or debit-card account information being stolen. One breach of 100 million records or more has been reported in each of the last four quarters, says SafeNet, a data-security company.
“People connect from everything to everywhere, and there’s no perimeter anymore,” said Tsion Gonen, SafeNet’s chief strategy officer.
Criminals hit retailers because they have access to vast quantities of sensitive information, such as credit-card data, through online and in-store payment systems.
“It’s incredibly pervasive and almost unfair to single out specific retailers, because it’s just so pervasive,” Avivah Litan, a security analyst for the technology-research firm Gartner. “Some of them are disclosed, and a lot of them aren’t. Some don’t even know they are breached. It’s an epidemic.”
Through July, more than 385 million customer data records had been stolen worldwide this year. Nearly 40 percent of all records stolen came from retailers, who were hit harder than the financial, technology, government and health-care industries. (Though JPMorgan Chase & Co., one of the nation’s largest financial institutions, recently said its sophisticated threat-detection system missed a huge breach of its systems, resulting in the loss of customer data this summer.)
During the first half of the year, retail breaches nearly tripled, to more than 150 million records stolen, compared with the first half of 2013, said SafeNet, which tracks cases through its Breach Level Index ― a database of breaches that calculates their severity.
Cybertheft is often difficult to trace, and perpetrators can be nearly impossible to locate ― especially outside the United States. And the underground market for stolen credit-card information is thriving, Gonen said.
The average consumer hears about a big retail breach and assumes the company failed to protect itself, Gonen said. But that’s not necessarily true.
“Everybody gets hacked” or can be, he said, including “people who customers trust and data is their business.”
In May, eBay announced that 145 million customer accounts were exposed by hackers. In April, Michaels Stores reported that credit-card information for 2.6 million customers might have been stolen over a period of months starting last year. In January, Neiman Marcus confirmed that 1.1 million customers’ card information had been stolen.
Just last month, P.F. Chang’s, SuperValu and UPS Stores reported data breaches.
The SuperValu breach affected an unknown number of customers at 180 stores. SuperValu said it occurred in the computer network that processes payment cards at some stores, where account numbers, expiration dates and/or cardholder names could have been stolen.
Consumers might not be able to prevent credit- or debit-card fraud, but they can take steps to protect themselves and minimize damage, the Federal Trade Commission says. Shoppers should save receipts to compare to statements, review bills online often, and report any questionable charges to the card issuer, the FTC suggests.
| }
|