Waves of widespread, continuous cyber attacks hit the retail sector hard in 2014. Big names, including Home Depot and Michaels, suffered massive data breaches that affected millions of customers. Some experts predicted these hacks would slow in 2015 as new payment systems, such as Apple Pay and credit card chips were introduced. Unfortunately, this simply wasn’t true and this year proved to be no different. Cybercriminals continued their assault on retailers, stealing customer data, including names, addresses, social security numbers and even passport information. With the holiday shopping season in full swing, we took a look at this year to reflect on the retailers who were hit the hardest—and to offer up a few lessons learned.
A Few of the Top Breaches
In October, T-Mobile revealed that hackers stole personal data from 15 million of its customers via Experian, the company that handles credit checks for the wireless carrier. Records containing names, addresses, Social Security numbers, dates of birth, and identification numbers were downloaded leading to a number of class action lawsuits being filed against both T-Mobile and Experian.
CVS and Walgreens were forced to shut down their online photo ordering websites to investigate a breach of customer credit card data in July 2015. Their photo websites were replaced with messages warning customers that their credit card data may have been compromised. Sam’s Club, Costco and Rite Aid were among other retailers potentially affected.
The Ashley Madison data breach was one of the most widely covered breaches in the media this year. The hackers behind the attack leaked user’s personal information, including usernames, first and last names, passwords, email addresses, and partial credit card data. It’s estimated that 37 million people were victim to the breach, including several high-profile names. Although the breach occurred earlier this year, the investigation into the hackers’ identities is still ongoing.
Consumers Don’t Forget
A survey of 1,060 U.S. consumers, conducted by CNBC late last year, busts five commonly held myths about data breaches – including the misconception that consumers are numb to them. The survey revealed that nearly 70 percent of surveyed consumers could correctly identify companies that had been breached. Not only do breaches get burned into consumers’ memories, but the repercussions from the attacks may take years to fully address. In fact, Target has only just recently reached a roughly $39 million settlement for its data breach that leaked customer payment information in late 2013.
While the impact of a breach is substantial for large retailers like Target, a compromise can make all the difference for a small business fighting to stay afloat. Having proper security and prevention in place is key to protecting your business.
Prevention is Key
Though these breaches can be devastating, retailers of all sizes can mitigate risk by anticipating an attack and taking the proper precautions. Rather than scrambling to fix the issues, retailers should plan ahead. By reviewing their cybersecurity strategy now, retailers can better protect themselves, and their customers, in 2016.
Visit SiteLock to learn how our comprehensive website security solutions can help protect you from a data breach.