Retailers face criticism for failure to protect customer data
Despite lessons learned from past data breaches from Target, Home Depot and others, an epidemic of breaches is hitting the retail industry.
- On March 29, Under Armour announced that 150 million user records of its MyFitnessPal app had been breached. Usernames, e-mail addresses and hashed passwords were exposed.
- On April 1, Hudson’s Bay said data from card payments in some of its Saks and Lord & Taylor stores in North America had been compromised. Reportedly, data was stolen from five million cardholders.
- On April 3, Panera said fewer than 10,000 customers had been affected by a leak. Names, e-mail and physical addresses, birthdays, the last four digits of user credit card numbers and loyalty card numbers were compromised.
- On April 5, a breach tied to Sears’ chat network provider provided unauthorized access to less than 100,000 of its customers’ credit card information. On April 6, Best Buy said a “small fraction” of its online customer population may have been affected by the same leak.
The 2018 Trustwave Global Security Report found breaches affecting checkout systems in stores comprised 20 percent of incidents investigated by the firm in 2017, down from 31 percent the year before. The improvement was attributed to the arrival of chip-enabled credit cards and other defensive steps.
E-commerce incidents, however, expanded to 30 percent of cases, up from 26 percent in 2016. Increased connections with third-party firms, including vendors and credit card processors, was seen adding vulnerabilities to e-commerce.
Many reports reprimanded retailers for not protecting customer data. Chris Hoofnagle, a professor of information and law at the University of California at Berkeley, told The Washington Post, “Security is difficult and expensive, and no one wants to do it.”
Writing for Bloomberg, Sarah Halzack believes retailers aren’t incentivized enough to clamp down on breaches because share prices are rarely affected. The social media backlash has been minimal because consumers have grown used to the hacks. Wrote Ms. Halzack, “Consumers should not accept these conditions as ordinary. Retailers and the payments industry will surely do better if they sense their customers will flee — or at least be indignant — if they do not.”
- Panera’s data breach puts attention on the risks of loyalty programs – The Washington Post
- New Trustwave Report Depicts Evolving Cybersecurity Threat Landscape – Trustwave
- Protect yourself against cybercriminals hitting online retailers – San Francisco Gate
- How to Keep Your Information Safe After the Saks, Lord & Taylor, Under Armour Data – Footwear News
- Sears Joins Growing List of Retailers Managing a Data Breach – Sourcing Journal
DISCUSSION QUESTIONS: Do you see retailers increasingly facing greater vulnerability to online breaches versus in-store? What’s the next step the industry may need to take to address data breaches?