Live Webcasts
Live Webcasts

What keeps you up at night webinar series

Join us every month to discuss top business challenges.

Tag Archives: data breach

Natural Grocers investigates possible payment card breach

Natural Grocers Investigates Payment Card Data Breach

Natural Grocers is the latest US retailer to announce that it is investigating a possible data breach involving customer payment cards.

The seller of natural and organic foods, which has 93 stores in 15 states, said it is investigating a possible data breach involving an “unauthorized intrusion targeting limited customer payment data.”

The company claims that it hasn’t received reports of any fraudulent use of payment cards from any customer, credit card company or financial institution. However, sources in the financial industry have traced a pattern of fraud on customer credit and debit cards suggesting hackers have tapped into point of sales (POS) systems at Natural Grocers locations across the country, according to US investigative reporter Brian Krebs.

The company said there was no evidence card verification codes were accessed, and no personally identifiable information was involved.

Read the full original story here on computerweekly.com.

cyber attacks in the U.S.

Wall Street Journal: Poll Shows Broad Impact of Cyberattacks

Just fewer than half of Americans say that a retailer, bank or credit-card company has told them or a household member that their payment card details were stolen in a data breach, according to the latest Wall Street Journal/NBC News poll.

That figure has contributed to what many retail analysts are calling “breach fatigue,” in which consumers stop worrying about cyberattacks because they appear in the news so frequently. In the past year alone, major breaches have been reported at Target, J.P. Morgan Chase, Home Depot, K-Mart, SuperValu and others. In many of those cases, the victims and card-issuers pledged to protect consumers from fraudulent charges.

Some 45% of Americans said they had received such a breach notification letter from a retailer or card-issuer that their payment data had been affected by a breach. The Journal doesn’t have comparable data from previous years on the percent of Americans who said they’d been affected by payment card data theft.

The poll also found that more Americans than ever think they have been targeted in Internet crime. As of December, 15% said either they or a member of their household had been hit by online fraud or hacking. When Gallup asked the same question more than four years ago, 11% answered yes.

The Journal/NBC poll of 1,000 adults was conducted from Dec. 10-14. It has a margin of error of plus or minus 3.1 percentage points.

Some 45% of Americans say they or a household member have been notified by a credit card company, financial institution or retailer that their credit card information had possibly been stolen as part of a data breach.

Click here to view the full original story on the Wall Street Journal Blog.

Home Depot Data Breach

Home Depot: 53 Million Email Addresses Stolen in Breach

Home Depot revealed last Thursday that cyber thieves absconded with 53 million email addresses as part of a previously-disclosed breach.

The biggest U.S. home improvement retailer also said the perpetrators managed to access its systems by obtaining login credentials for a third-party vendor. That information alone didn’t provide access to the point-of-sale systems; however, the hackers were able to “navigate” their way to elevated privileges.

The strategy of finding an entryway through a “weak link” is fairly common. Indeed, hackers reportedly found their way into Target’s network through a similar path. JPMorgan Chase’s “corporate challenge” website has also found itself at the center of a probe into how cyber attackers broke into the banking giant’s network.

As evidenced, time and time again, data breaches and the associated costs are continually on the rise. The time is now to beef up your internal systems to protect your customers, your security and your brand.

XiSecure® On-demand for Sensitive Data, Paymetric’s proprietary, award-winning tokenization solution, eliminates the storage and/or transmission of Personally Identifiable Information (PII) in enterprise systems and applications.

Tokenizing sensitive customer information, including email addresses, can greatly reduce the risk of a data security breach and enables you to take advantage of the safe harbor that most breach notification laws provide to companies that secure PII.

Don’t be the next Home Depot. We can help. Learn how.

data breaches

5 Critical Factors to Help You Stay Protected from a Mega Data Breach

Data breaches are hitting the news more than ever before and the trend is getting worse. How much do you know about these breaches and what you can do to protect your data? Read on for the top 5 takeaways from our recent webinar to learn how you can keep your SAP-based business protected.

1. What causes data breaches?

According to a study by the Ponemon Institute, over 37% of data breaches are caused by a malicious or criminal attack, 35% are caused by a negligent employee or contractor and 29% are caused by system glitches. The takeaway here? Data breaches can- and do- result from a multitude of causes and it’s important to make sure your business is taking precautions to protect itself from each type of threat.

2. The impacts of a breach to your business are HUGE

Once a potential breach is discovered, the effects begin to snowball. Companies affected by data breaches not only face fines and litigation fees, but must foot the bill for investigations and audits. Perhaps the worst, however, is when the news hits the media. Breached companies can be faced with a negative brand reputation, loss of business and customer trust and even a potential decline in share value.

3. So what can you do?

Imagine thieves breaking into a vault they think is full of gold. But once they get it open- it’s totally empty. Thieves cannot steal what is not there and the same goes for your data. Turn the sensitive data that is left in your system into data that is totally worthless to anyone on the outside through the use of tokenization.

4. Understand the premise behind tokenization- and use it!

Tokenization replaces a sensitive data value with a “token” value that is useless to anyone outside of your system. Systems that use tokenization are no longer storing raw sensitive data or encrypted data. And unlike encryption, tokenized data cannot be reverse engineered back to the original data. If the system is breached, the original data is safe.

5. Tokens can protect more than just credit card data

So maybe you don’t accept credit cards and think you’re safe? Think again. Data breaches can affect much more than just payment data. Any type of sensitive data- including social security numbers, bank account numbers and medical records- can wreck havoc on your company if exposed. Use tokenization to protect all types of sensitive data to give your company, your employees and your customers peace of mind that their data is safe.

What You Need to Know About the Home Depot Data Breach

It’s been confirmed—Home Depot publicly reported that the company has experienced a data breach impacting debit and credit cards. Have you used a credit card in the past 4-5 months at the Home Depot? You might as well consider it stolen.

Here’s what you need to know about the Home Depot breach so far:

• While credit card data was exposed, Home Depot stated that PINs were not.
• The breach affected Home Depot’s U.S. and Canadian stores.
• HomeDepot.com transactions were not affected.
• Home Depot is saying that the breach impacts customer credit and debit card numbers used in-store between April 2014 and September 2, in the U.S. and Canada.
• If the cards currently being sold by hackers are actually the cards stolen from Home Depot, the breach likely exposed the customer’s name, card number and expiration date.

What is Home Depot doing about this incident?

• The company has removed the malware from their POS network and is still investigating the incident. The company has hired recovery experts as well as two security firms to ensure this incident doesn’t happen again.
• Home Depot is also offering identity protection to any customer who used a card at one of their stores from April 2014 until now. If you have used your card at a Home Depot store during those dates and would like to take advantage of the offer, call 1-800-HOMEDEPOT.
• Additionally, Home Depot is planning to roll out EMV (Chip and Pin) to all U.S. stores by the end of the year.

Could the Home Depot Breach Exceed the Target Breach?

The Home Depot—It’s the latest company investigating a possible data breach in which hackers may have stolen credit and debit card information from consumers at all of the home improvement stores locations. That’s 2,200 U.S. stores.

If the majority of the Home Depot stores were indeed hacked, this breach would exceed the Target data breach, which involved 40 million accounts in three weeks. Target said last month that its breach cost $148 million—and if the Home Depot Breach is larger than the Target breach, it’s going to cost them big time.

According to experts, the attack is similar to the one Target experienced. The hackers likely installed malicious software on the Home Depot’s point-of-sale cash registers, which enabled them to steal bank account information, names, card expiration dates, and other data.

While it is still unknown whether or not Home Depot actually was breached, customers of the store need to pay close attention to their bank, credit and debit card accounts and should report any suspicious activity to their bank.

2014—The Year of the Hack

According to CNNMoney, in the last 12 months alone, hackers have exposed the personal information of 110 million Americans—roughly half of the nation’s adults.

Tallied by the Ponemon Institute, that massive number is made even more mind-boggling by the number of hacked accounts: up to 432 million.

While the exact number of exposed accounts is hard to pin down due to some companies not being fully transparent about the details of their breaches, the damage is real. Each record usually includes personal information, such as your name, debit or credit card, email, phone number, password, birthday, security questions and physical address. Even if basic information about you is stolen, it can still be easily paired with stolen credit card data, empowering imposters.

While we may be experiencing “data-breach fatigue,” according to researchers at Unisys, the most recent numbers still make for a startling list:

• 70 million Target customers’ personal information, plus 40 million credit and debit cards
• 33 million Adobe user credentials, plus 3.2 million stolen credit and debit cards
• 4.6 million Snapchat users’ account data
• 3 million payment cards used at Michaels
• 1.1 million cards from Neiman Marcus
• “A significant number” of AOL’s 120 million account holders
• Potentially all of eBay’s 148 million customers’ credentials

Video: Data Breach: Are You Protected?

Last year, there were 1,054 data breaches in the U.S. alone and the average cost was $5.4 million per company. And no industry is safe.

And according to the Online Trust Alliance, 89% of breaches analyzed could have been avoided with basic controls and best practices. Got a minute? Watch our Blackboard Video, “Data Breaches: Are You Protected?” and learn about Paymetric’s proprietary data security solutions.

 

10 Cyber Security Best Practices You Should Follow

It’s simple. Poor data security can ruin your business. And with the amount of security breaches over the last year, businesses more than ever need to be taking precautions to keep their data safe from virus infections, hacking attacks or other system security breaches.

To help keep your business and sensitive data safe, here are 10 cyber security best practices you should follow:

1. Implement antivirus, anti-spam & firewall protections
2. Carry out regular security updates on all software & devices
3. Employ a resilient password policy (minimum eight characters & should be changed regularly)
4. Secure your wireless network
5. Establish a clear security policy for email, internet & mobile devices
6. Educate your staff in good security measures & perform employee background checks
7. Create & test back-up plans, information disposal & disaster recovery procedures
8. Carry out regular security risk assessments to identify important information & systems
9. “Stress test” websites regularly
10. Check provider credentials & contracts when using cloud services

For even more information about how to secure your data, click here.

 

“"
Thank you for visiting our site, due to the size of your mobile device, you need to rotate it 90° to view this site.