The breaches of Target, Home Depot, eBay and Michael’s are just the biggest among a rash of data breaches hitting retailers. Suffering a breach is now a fact of life for retailers, says security firm IDT911.

Retailers can expect criminals will continue to successfully penetrate their networks and must prepare for what to do in the wake of data breaches, says Adam Levin, founder and chairman of IDT911, a provider of data risk and identity management services. IDT911 recently released analysis on several major breaches: those of Target Corp., The Home Depot Inc., Michael’s and eBay Inc.

The costliest breach was at Target, which cost the retail giant an estimated $148 million before fines. “In a nation where everything is super-sized, Target was one of the first true big-box retailers thrust into the spotlight after their mega breach,” Levin says. “While a number of their executive team members have walked the plank and their board is the target of litigation, and their bottom line and share price have taken a hit, the breach highlights the importance of scrutinizing every vendor’s security practices—or at least looking into cyber insurance to mitigate the damage of a vendor caused breach.”

Home Depot’s breach compromised 56 million cards via malware that was installed to skim card information from the retailer’s in-store point of sale system. The breach cost the home improvement retailer an estimated $62 million and went on for five months. “Home Depot’s situation is not only a PR nightmare for the home improvement colossus, but it is becoming the poster child for poor security practices across the board,” Levin says. “Based upon the enormity of their footprint and alleged poor security, I’m mystified that it took as long as it did for them to be breached.”

Michael’s also fell victim to POS skimming malware—in two separate eight-month-long incidents. “Unfortunately, in the breach lottery Michael’s hit the Exacta—old-school skimmers installed in the dead of night on their POS systems did the trick in the first breach, and the now-popular POS malware scorched them for a second time—for three million,” Levin says. “Two high-profile breaches in a couple of years isn’t a goodwill builder for the craft giant.”

Online marketplace eBay fell victim to a breach that compromised the login information of its employees and customers. eBay advised customers to change passwords. The number of accounts compromised and the duration of the breach are unknown. “Sophisticated spear phishing scams can turn even the most savvy and sophisticated employee into an unwitting co-conspirator,” Levin says. “Comprehensive, continuous security training for all employees, implementation of tough security protocols, use of intricate passwords and rigorous outside testing and monitoring can help avoid a reputation damaging breach.” “Spear phishing” refers to phony e-mails that make use of detailed information about the recipient to seem more legitimate.

Levin says that while retailers are judged today by whether or not they suffer a breach, in the future the response will be the test. “An urgent, transparent and empathetic response will go a long way toward quelling fears and rebuilding trust and goodwill,” he says.
