The RH-ISAC is proud to bring you the 2021 RH-ISAC Cyber Intelligence Summit this September 28-29, 2021. Join us for a virtual two-day event that brings together top cybersecurity leaders and teams representing the most prominent organizations in retailers, restaurants, hotels, gaming casinos, food retailers, consumer products, and other consumer-facing companies. Called the “Crown Jewel …
Join us for a virtual, three-day event that brings together top cybersecurity leaders and teams representing the most prominent organizations in retailers, restaurants, hotels, gaming casinos, food retailers, consumer products, and other consumer-facing companies. Called the “Crown Jewel of RH-ISAC offerings,” the annual event brings together members from the strategic, operational, and tactical levels to …
Black Friday and Cyber Monday play critical roles in the sales and viability of both online and brick-and-mortar retailers.
According to Adobe Analytics, in 2018, Black Friday recorded over $6 billion in online sales, and Cyber Monday nearly $8 billion. The National Retail Federation (NRF) estimates that 30% of annual retail sales occur between Black Friday and Christmas, making the holiday shopping season a critical time for retailers.
Attacks on Point-of-Sale (POS) systems continue to occur at staggering rates, and retailers remain exposed as vulnerabilities in point-of-sale systems afford weak links for attackers to exploit. According to the 2018 Verizon Data Breach Investigation Report (DBIR), of the more than 53,000 incidents examined, 2,216 were confirmed data breaches. The Gemalto Breach Level Index shows retail at 11% of all breaches in 2017, in 3rd place, only slightly behind Financial at 12%, and Healthcare at a staggering 27%. These findings underscore that cybercrime continues to have a far-reaching impact on businesses across all regions and industries and retail remains squarely in the attacker’s cross-hairs.
Millions of Panera Bread customers may have had their personal data exposed by the fast-casual restaurant chain, according to security experts.
Until Monday, scores of customer information — including names, email addresses, home addresses, birth dates and final four credit card digits — was accessible as plain text on the company’s website, according to a report from security writer Brian Krebs. It’s not clear whether anyone actually accessed any of the data, which was supplied by customers who had made accounts for food delivery and other services.
Hackers stole information for more than 5 million credit and debit cards used at Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores.
Hudson’s Bay Company, which owns the retail chains, confirmed the breach Sunday, and said it has “identified the issue, and has taken steps to contain it.”
“Once the Company has more clarity around the facts, it will notify customers quickly and will offer those impacted free identity protection services, including credit and web monitoring,” Hudson’s Bay said in a press release.
The company added that the cards were used for in-store purchases, and there is “no indication” online purchases were affected. Hudson’s Bay said it’s cooperating with law enforcement in an ongoing investigation.
A cybersecurity firm called Gemini Advisory identified the breach and posted a blog post detailing its scope. The “attack is amongst the biggest and most damaging to ever hit retail companies,” according to the firm.
Gemini Advisory said a hacking syndicate put credit and debit card information it obtained from the hack up for sale on the dark web last week.
A “preliminary analysis” found credit card data was obtained for sales dating back to May 2017, according to the post. The breach likely impacted more than 130 Saks and Lord & Taylor locations across the country, but the “majority of stolen credit cards were obtained from New York and New Jersey locations.”
The hackers were also behind notorious data breaches that affected companies including Whole Foods, Chipotle, Omni Hotels & Resorts and Trump Hotels, Gemini Advisory said.
By: Carolyn Crandall
It is never a good time to have to report a Point of Sale (POS) breach, but having to do so as holiday spending season commences is especially miserable, as this is a sure way to lose consumers’ trust and confidence in your organization during a potentially lucrative time of year.
As we gear up for our eagerly anticipated Black Friday and Holiday spending rituals, let us home in on the pervasiveness of serious security threats at work in the nation’s largest POS systems.
This blog discusses how POS breaches continue to pose an overwhelming threat to retail, hospitality, and business organizations worldwide.
WASHINGTON — Months before its technology became the centerpiece of Samsung’s new mobile payment system, LoopPay, a small Massachusetts subsidiary of the South Korean electronics giant, was the target of a sophisticated attack by a group of government-affiliated Chinese hackers.
As early as March, the hackers — alternatively known as the Codoso Group or Sunshock Group by those who track them — had breached the computer network of LoopPay, a start-up in Burlington, Mass., that was acquired by Samsung in February for more than $250 million, according to several people briefed on the still-unfolding investigation, as well as Samsung and LoopPay executives.