The issue of customer safety has come to the fore once again, as a handful of high-profile retailers in the US have fallen victim to hackers. Following on from the news that thieves managed to swipe details of credit cards belonging to over 40 million customers of supermarket chain Target last month, it seems that more retailers have been hit by cybercriminals.
It was recently revealed that at least three more retailers in the US were subject to similar crimes earlier last year. Fellow retailer Neiman Marcus was also targeted, but the identities of the others involved have yet to be revealed. The hack attack allegedly happened during the Christmas period, when shoppers tend to be at their busiest, providing ample opportunity to grab precious data.
One way in which data was collected from Target customers was by infecting with malware many of the computers used to authorise payments. The data was then taken by the criminals and sold on for a sizeable sum, leaving the retailer to impose debit card spending limits on its customers. As for who was behind the attack on Target and Neiman Marcus, their identity was revealed quickly.
Apparently, the mastermind behind the malware which enabled the pilfering of data from millions of customers was an unnamed 17-year-old from St Petersburg in Russia. This shows that, among other things, age is no barrier to knowing how to hack a major retail firm, which is pretty worrying as more enterprises come forward to reveal how they have been affected.
What all the affected businesses are likely to have in common is that they haven’t paid enough attention to how secure their computer and payment systems are. With their ignorance, they’re opening the door to hackers looking to make a quick buck. According to Andrew Mason, co-founder and Technical Director of RandomStorm, the solution to this problem may be surprisingly easy. He said:
“Though precise details of the attack are yet to be confirmed, the Target hack demonstrates that merchants can’t simply rely on quarterly and annual audits of their card data environment. They must continuously monitor their networks for new vulnerabilities and suspicious activity and act swiftly to remediate them. A tick in the compliance box does not mean that you can ignore the logs for the next three months; security is an ongoing process.”
Paying closer attention to the security of a business’s entire computer system is easier said than done, especially for companies with hundreds of branches such as Target. However, in giving the issue a swerve, they’re likely to become fair game for many a hacker trying to get their hands on whatever data they can steal and then sell off for a significant sum to whoever is interested.