This story was delivered to BI Intelligence “Payments Briefing” subscribers hours before appearing on Business Insider.
Delta Airlines, Sears, and Kmart were all hit by a cybersecurity breach that compromised their software services provider, [24]7.ai, according to company statements and the New York Post.
The breach — which occurred between September 26 and October 12, 2017 — compromised payment-related information used in online transactions, including card and CVV numbers, expiration dates, names, and addresses, according to Gizmodo.
Sears, which also owns Kmart, stated that it believes fewer than 100,000 of its customers were affected and that Sears-branded credit card information was not compromised. Delta says a small division of its customers were affected and that no passports, security, or frequent flyer numbers were stolen. The breach is thought to be caused by a malware attack, which is a common method used by hackers — over half of breaches in 2017 included malware, according to Verizon.
This breach underscores the struggle that large firms face in ensuring the security of their payment systems. Several breaches at large companies have been announced in the last month, including Saks, Lord & Taylor, and Orbitz.com. Customer information such as full names, payment information, dates of birth, phone numbers, email addresses, and billing addresses was compromised in some cases. The breach affecting Delta, Sears, and Kmart seemingly only compromised payment information. It’s worth noting that while payment-related breaches are extremely risky, the information is all replaceable, making them less detrimental than breaches that expose other personal information.
The aftermath of breaches can come at a huge cost to firms in both the short- and long-term.
- Breaches are extremely costly to rectify. The average data breach in 2017 cost companies $3.6 million globally and $7.4 million in the US, according to IBM. This includes direct costs associated with identification, containment, and resolution, as well as indirect costs like customer losses and brand damage. Apart from the immediate expenses incurred in resolving a data breach, firms also risk losing, in the long run, customers whose trust has been damaged. That’s a serious concern — 22% of organizations that were breached in 2017 lost customers — as customers can lose trust in a breached retailer whether or not their information was compromised.
- The costs of breaches can go beyond firms and become costly for other players. The costs of breaches don’t account for the long-term damage that could come as a result of public backlash and a tarnished brand reputation. They also don’t account for the costs that trickle down to associated players, like issuers that may have to reissue cards. Fraud is a seemingly inevitable threat, especially to large companies, so it’s imperative that they take steps to prevent, detect, and resolve breaches in a timely manner if they happen.
Business Insider Intelligence, Business Insider’s premium research service, has put together a detailed report on the data breach threat, who and what companies need to protect themselves from, and how they can most effectively do so from a technological and organizational perspective.
Here are some key takeaways from the report:
- The breach threat isn’t going anywhere. The number of overall breaches isn’t consistent — it soared from 2013 to 2016, but ticked down slightly last year — but hackers might be becoming better at obtaining more records with less work, which magnifies risk.
- The majority of breaches come from the outside, and leverage software and hardware attacks, like malware, web app attacks, point-of-service (POS) intrusion, and card skimmers.
- Firms need to build a strong front door to prevent as many breaches as possible, but they also need to develop institutional knowledge to detect a breach quickly, and plan for how to resolve and respond to it in order to limit damage — both financial and subjective — as effectively as possible.
In full, the report:
- Explains the scope of the breach threat, by industry and year, and identifies the top attacks.
- Identifies leading perpetrators and causes of breaches.
- Addresses strategies to cope with the threat in three key areas: prevention, detection, and resolution and response.
- Issues recommendations from both a technological and organizational perspective in each of these categories so that companies can avoid the fallout that a data breach can bring.