Just when we thought the commotion surrounding data theft was calming down, a slew of new reports has caused panic among retailers and consumers alike.
This week, supermarket chain SuperValu announced that it is investigating a data breach that may have affected credit and debit cards used in 209 stores between June 22 and July 17, 2014. The breach may have resulted in the theft of account numbers, expiration dates and cardholder names of customers using payment cards at the stores. The breach affects SuperValu stores operated under the Cub Foods, Farm Fresh, Hornbacher’s, Shop ‘N Save and Shoppers brands. Before SuperValu, Goodwill Industries was the most recent retailer to investigate a breach that may have impacted 2,900 stores.
But havoc isn’t only being wreaked in the retail world. Earlier this month, Russian hackers stole 1.2 billion user name and password combinations and more than 500 million email addresses, according to reports from Hold Security.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”
So what does this mean for retailers across verticals?
“With the increasing importance of online commerce, retailers obviously need to develop a greater sense of urgency around protecting their customers’ personal information,” said Andrew Morris, SVP of Content & Business Development at Money20/20. “There are only three kinds of retailers now: 1) retailers that know they have suffered a data breach, 2) retailers that have but haven’t discovered it yet, and 3) retailers that will have customer data compromised in the near future. It’s going to be an ongoing battle with the cyber-thieves from this point forward.”
To protect their customers from data thieves, Ed Mastrangelo, Sr. Director of Payment Acceptance at Merchant Warehouse, outlined the following actions:
“First, for retailers who haven’t changed from their original default passwords provided by their vendors, they should do so now,” Mastrangelo said. “The Payment Card Industry (PCI) Security Standards Council recommends retailers use seven-character alphanumeric passwords without repeating any of their previous four passwords. Second, Merchant Warehouse always recommends that retailers only partner with payment companies that use robust encryption and tokenization to protect consumer data. These solutions convert sensitive information, like credit/debit card numbers, to unrecognizable data and useless information for hackers.”
There also are new partnerships developing between retailers, law enforcement and companies that offer solutions and technologies to mitigate risk of fraud, Morris noted. “Retailers just need to be proactive in their efforts to deploy them.”
What other advice can you provide to retailers?