Major U.S. retailer Macy’s has suffered a data breach linked to Magecart card-skimming code, which collected customers’ first and last names, addresses, phone numbers, emails and payment card information. The company has said credit-card information and other data entered on the checkout page was captured by hackers. Macy’s has now said that the issue, which took place during October 2019, has been resolved.
To look more closely into the data breach, Vinay Sridhara of Balbix explains to Digital Journal readers why enterprises must scan and monitor all attack vectors across connected applications such as online payment portals as well as all third-party systems to detect vulnerabilities and mitigate future breaches such as this.
According to Vinay Sridhara (Balbix), the retailer has responded appropriately: “Macy’s has taken the appropriate steps to contain and mitigate this data-stealing campaign, including quick notification of the breach as well as quick action to remove the code.”
However, he notes: “Still, the malicious code went unsuspected for a week.”
This type of issue is a consequence of the expansion of digital technology: “All that constitutes IT infrastructure is rapidly expanding and Gartner predicts that by 2020, the total number of connected things will reach 20.4 billion.”
This means: “It is critical that Macy’s implement security solutions that scan and monitor all attack vectors across connected applications such as online payment portals as well as all third-party systems to detect vulnerabilities that could be exploited.”
Sridhara notes that “proactively identifying and addressing vulnerabilities that would put customers’ personally identifiable information at risk of exposure will enable enterprises to mitigate future breaches and avoid litigation, fines under data privacy laws, retain brand image and increase the organizations’ market share.”
In terms of preventative strategies, Sridhara recommends that it is “imperative that large enterprises such as Macy’s leverage advanced security tools that employ artificial intelligence and machine learning to identify and analyze the tens of thousands of data signals in real-time and prioritize vulnerabilities.”
He adds that: “An online payment portal’s database contains huge swaths of sensitive customer information and is pivotal to the business’s success, making any vulnerability in its security strategy highly prioritized. Instead of reacting to a security incident a week after it occurs, enterprises must invest in and adopt modern security platforms to proactively manage risk based on business criticality to strategically and effectively protect their customers’ data.”
