Need a web designer, SEO advisor or other ecommerce expert?
Quickly and conveniently find solutions for your online business before making your next planning or purchasing decisions. Gather key insights and information before selecting your vendors.
Visit ALL EC today.
An alarming number of major U.S. retailers, industrial firms, government agencies and other organizations have been hit in a recent wave of cyberbreaches that may signal increasing vulnerability for consumers and businesses alike.
The attacks have exposed millions of consumer payment cards to fraud. Cyberthieves have used a variety of methods to infiltrate corporate computer systems and resell financial data on the Dark Web.
What is particularly worrisome is that in the aftermath of the high-profile intrusions during the 2016 presidential election and the massive ransomware attacks of 2017, there seems to have been little to no movement in developing comprehensive strategies.
It appears that many major U.S. institutions have been maintaining the status quo instead of implementing new measures to protect critical financial and personal information from determined adversaries, whether criminal cybergangs or rogue nation states.
“U.S. companies and organizations are woefully underprepared to deal with modern attacks like this — and the problem is simply exacerbated by the amounts and access to personal data these companies and institutions store,” said Kevin O’Brien, CEO of GreatHorn.
The personal data stolen in past attacks enhances the efficacy of future attacks, he told the E-Commerce Times. Executive impersonation scams, for example, have risen 300 percent over the past year.
Nearly one in three executives have fallen victim to these type of attacks, either by clicking links in suspicious emails or by having their names and emails spoofed and used in propagating future breaches, GreatHorn has found.
Orbitz, Under Armour
Travel website Orbitz on March 20 announced that credit card data belonging to 880,000 customers on a legacy platform might have been accessed by an attacker between Oct. 1 and Dec. 22, 2017, according to spokesperson David McNamee.
After bringing in a leading third-party forensic team and notifying law enforcement, Orbitz determined that the attacker might have accessed data for trips purchased between Jan. 1 and June 22, 2016, on its legacy site and purchases on its legacy partner platform for trips purchased from Jan. 1, 2016 to Dec. 22, 2017.
The compromised information included names, credit card numbers, dates of birth, email addresses, physical addresses and gender. The company did not disclose how the attackers accessed the data. Orbitz has offered customers a year of free credit card monitoring in response.
Under Armour on March 29 announced that 150 million accounts using the MyFitnessPal food and nutrition app had been compromised due to an unauthorized third-party having gained access to user data sometime in February.
The breach, which was discovered on March 25, involved usernames, emails and hashed passwords, but not credit card, driver’s license or social security numbers. Under Armour called on data security firms and law enforcement to address the breach and has notified…