The Season of Retail Hacks

Jan 15, 2017 By Arden Rubens

Vera Bradley, fashion retail brand, is one of the many recent cybercrime victims. This luggage and handbag design company revealed that earlier this year, payment systems at multiple locations were hacked, and that an unknown number of personal payment cards used by customers may have been compromised.


With this hack, Vera Bradley joined the large group of retail companies targeted and then successfully attacked by hackers. The group of victim companies includes many heavy hitters such as Target, Home Depot, and Neiman Marcus.

For retailers worldwide, being online and having an application is a no-brainer. And with every retailer from H&M to Walmart embracing the growth trends and expanding past both e-commerce and apps, shoppers have more and more ways to keep up with the latest products and shop them instantly. Retails too now have more and more ways to reach more shoppers all over the world.


But what this means for the cyber security of these retailers is whereas once upon a time the focus was on securing a single database, today the exposed surface expands over multiple databases. Therefore, the cyber attack surface itself is larger than ever.


According to NTT Group’s Global Threat Intelligence Report (2016), the retail industry sector is in fact targeted three times more than the financial industry – the previous top cyber target. This is not surprising given the fact that each retail system contains acutely valuable customer information, making this a very attractive target.


When a retailer is hacked, the fallout can be absolutely catastrophic. Based on a study released by KPMG, 19% of U.S. consumers would stop shopping at a retailer which fell victim to a cyber hack or breach, even if the company took the proper steps to fix the issue and 33% of US consumers with concerns with exposure of personal information would prevent them from shopping at a breached retailer for at least three months. Additionally, 52% of the surveyed shoppers say that they are uncomfortable with shopper personalization tricks, and would prefer that retailers not track their individual information and online habits.


Dutch security researcher Willem De Groot recently released that in the past year, nearly 6,000 online shopping sites have been attacked by leveraging malicious software to access customer payment info. In another recent blog post, De Groot said that multiple cyber criminals were also likely able to skim credit cards used at e-commerce storefronts run by retailers.


Yet, even with such drastic statistics, retails keep falling victim to cybercrime time and time again. The core of the problem is proven to be with retailers being in need of a cyber security revamp.


How can retailers respond to progressively refined hackers and attacks?


With the scale of retailer ecosystem and evolving payment environments, the cybercriminals and the hacking methods they use are also evolving in order to breach what they’re after. Now more than ever, retailers must be diligent and cyber security oriented. In order to prevent attacks similar to the Vera Bradley hack, it is important for retailers to start by selecting the ultimate security program, scan code, identify potential security vulnerabilities in connection to their valuable data and to learn how to keep it secure.

The following two tabs change content below.

Arden Rubens

Social Media Manager & Content Writer at Checkmarx
Arden is the social media manager and a content writer at Checkmarx. Her blogs focus on cyber security trends and the latest developments in the world of AppSec. She aims to educate and inspire developers, security professionals, and organizations to find the best defense against online threats.

Latest posts by Arden Rubens (see all)

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.