[BreachExchange] Cyber attacks on online retailers double in a year as hackers try to steal shoppers' details

Audrey McNeil audrey at riskbasedsecurity.com
Mon Aug 14 20:26:28 EDT 2017


http://www.telegraph.co.uk/news/2017/08/13/cyber-attacks-online-retailers-double-year-hackers-try-steal/


The number of online shops hit by serious losses of customer data has
doubled in the past year as hackers try to plunder retail sites for
valuable personal details, a law firm has warned.

Customers are increasingly at risk as retailers amass ever-growing
collections of their shoppers’ personal information.

Online shopping, digital marketing and loyalty schemes mean shoppers submit
more and more information to retailers that is of value to cyber criminals.

Jeremy Drew, a partner at the RPC law firm, said: “Retailers are a goldmine
of personal data but their high profile nature and sometimes aging complex
systems make them a popular target for hackers.”

Figures released by the Information Commissioner’s Office show the number
of retail firms reporting data breaches has doubled in just one year.

Breaches involving the loss of client data from hacking or leaking rose
from 19 in 2015/16 to 38 in 2016/17.

The RPC research said: “The risks involved in data breaches are increasing
in the retail industry, as retailers accumulate more and more personal
information on their customers.

“The rise of online shopping, loyalty programmes, digital marketing and
offering electronic receipts in store mean that even a small multiple
retailer will be gathering exactly the kind of data that hackers will be
looking for.”

Mr Drew said overhauling cyber security was a low priority at some
retailers because they were already struggling with the costs of a rising
minimum wage, rates increases and exchange rate falls.

British Airways, Wonga, Sports Direct and Tesco Bank are among firms who
have had high profile data breaches in the past two years.

Mr Drew said tougher data protection regulations coming into place next
year would force firms to take the issue more seriously.

He said: “We do expect investment to increase both in stopping breaches
occurring in the first place and ensuring that if they do happen they are
found quickly and contained.

“No UK retailer wants to be in the position of some public examples who
were forced to confirm that it took them nearly a year to close a data
security breach.”

A Government survey of cyber attacks and breaches earlier this year found
just under half of UK businesses said they had been struck in the previous
years.

But a third of businesses had not spent any money trying to bolster
security against attacks and a large proportion did not even have basic
protections.

Wonga, the payday lender, in April warned that up to a quarter of a million
of its customers could have seen their names, addresses,
bank account numbers and sort codes stolen after "illegal and unauthorised
access" to some of its customers' personal information in both Britain and
Poland.

When Tesco Bank was successfully hacked in 2016, the accounts of one in
three customers were compromised in what is believed to have been the
biggest cyber attack on a British bank to date.

Around 40,000 accounts were compromised and money stolen from 20,000
customers.