The need for well-designed cybersecurity programs has never been higher, and this applies to consumers and corporations. As hackers become familiar with various types of security software, the need to develop newer and stronger applications arises, and even the most advanced commercial software will need to updated constantly as well. Listed below are just three of the major retailers that have suffered from destructive security breaches in the recent past.
Between July 20, 2014 and September 16, 2014, office product supplier Staples suffered a security breach in its purchase order records that compromised the credit cards of about 115 stores and 1.16 million customers. Security specialists discovered that the hackers were using variants of the same malware that infected the records of Target, Dairy Queen, and Home Depot, to name a few. The spyware used was identified as Backoff, and the transaction dates of certain purchases imply that Staples stores in Pennsylvania, New York and New Jersey were affected by it.
The credit card numbers were taken illegally from Staples store records and then charged for orders at various other retailers, frequently grocery or mail supply stores. The spyware basically took advantage of a flaw in the encryption procedures used by POS machines. At the very second the buyer entered their credit card details, the data was encrypted to safeguard it from any spying eyes. But before it was fully transfered to the computer’s memory, it existed very briefly in the form of regular text. It was during this split second that hackers were able to harvest the credit card numbers. The malicious spyware only needed to be placed within the POS terminal in order to save the credit card details and then ration it out to cyber-criminals on the web.
For a period of one month (June 2014 to July 2014), about 76 million members of JP Morgan were afflicted by a breach that allowed hackers access to sensitive information like names, addresses, phone numbers, and the like. The summer cyberattack on JP Morgan also jeopardized the account information of an estimated 7 million independent companies, a figure that is quite small in comparison to the bank estimates and which makes this invasion one of the biggest ever recovered. While the impact of the attack was becoming a lot more obvious, bankers were forced to work overtime behind the scenes in order to lessen the negative impact and inform weary consumers that no funds from their accounts were stolen, and that all of their financial details continued to be safe.
Operating from overseas, the cyber criminals apparently received an index of the software and applications that JP Morgan was using. Then they were able to use this list to exploit known weaknesses in each system, which allowed them to serve as gateways into the bank’s records. This explanation is what has been offered by several experts in the field of bank forensics, all of whom wish to remain anonymous.
In April 2014, Home Depot and its customers had just begun being victimized by credit card fraud. By September 2014, when the issue was discovered and announced, around 56 million customers had been impacted by the data exposure. According to figures from the company’s business insurance, the sheer number of customers affected was up 1.33%, a step up from Target’s +0.99% figure, which affected around 40 million credit cards.
On September 18th of 2014, Home Depot publically announced that the offending spyware employed in its latest breach had been removed from its networks in the U.S. and Canada. The business has also launched a huge business intelligence security project which provides improved encryption of transaction information at the POS in the organization’s U.S. retailers.