Sweaty Betty, the retailer of high-end sports clothing, has indicated the firm was recently made aware of “unusual activity” on its website. The company adds that a third party gained unauthorised access to part of its website and inserted malicious code “designed to capture information entered during the checkout process”.
The stolen data is said to have included name, password, billing address, delivery address, email address, telephone number, payment card number, CVV number and expiration date.
To understand what’s behind the data breach, Digital Journal caught up with Chief Security Officer & Vice President of LogRhythm Labs – James Carder.
According to Carder, the issue has implications for retail in general: “Many companies within the retail industry have focused on innovating customer experience and delivering seamless services for their online users, yet investment in security strategies to reduce the vulnerability of cyber attacks are unfortunately not a focal point until after the fact.”
With the sports clothing company in particular, Carder notes that “Sweaty Betty took immediate action and reported the incident quickly, yet the malicious code that the third party attacker inserted to gain sensitive personal data of customers went unsuspected for over a week.”
As to what this means, the analyst notes: “This indicates that either an insider or an attacker had access to Sweaty Betty’s environment for at least that long (and likely longer) to inject and push the code in the first place, and at the end of the day, no code – malicious or otherwise – should ever make it into production without it being validated as legitimate first.”
Carder further notes that we can expect more of these types of attacks unless action is taken: “As more and more connected applications are added to an enterprises’ IT infrastructure, such as online payment portals, the ability to manage and detect all threats becomes increasingly difficult.”
In terms of preventative measures, Carder recommends: “For every retail company, it is not only critical that they have the communication and notification tools in place, but that they also know how to properly instrument their complex IT environment to achieve a complete forensic view into anomalous and malicious activity across all vectors. An appropriately configured security monitoring solution that has full visibility into the environment likely would have identified indicators of compromise related the malicious code and could have helped Sweaty Betty stop the threat even sooner.”
