4 monster security breaches in retail and how to avoid them

Did you know that almost a third of businesses reported a security breach in 2018? Believe it or not, your retail business could be the next cyber-attack target.

Although breaches are a likely risk for any business, you should avoid them at all costs. Without the right measures in place, a cyber-attack could severely impact your business, resulting in hefty fines, loss of customers and reputational damage.

Let’s take a look at four of the biggest security breaches in retail over the past two years and what you can learn from them.

1. Underarmour (My Fitness Pal)

What happened?

An ‘unauthorised party’ accessed the information of 150 million customers, including usernames, email addresses and hashed ‘protected’ passwords. As a result, Underarmour’s shares dropped by almost 4 percent in after-hours trading.

How did they fix it?

Underarmour notified their users and explained what happened immediately. They gave customers information on how to protect their data and advised them to change their passwords immediately.

Currently, they’re working with law enforcement bodies and are exploring better cyber-security options.

2. Adidas

What happened?

A data breach exposed the personal data of ‘a few million’ Adidas customers. This included contact information, usernames and encrypted passwords.

How did they fix it?

Adidas announced the breach within 72 hours. They provided their customers with information on how to improve their personal security and met with law enforcement and other security firms to investigate the matter closely.

Adidas states that its IT and cybersecurity processes are aligned with industry practices to protect the company and customers.

3. SheIn.com

What happened?

SheIn’s IT team uncovered suspicious activity on their internal network. Hackers had accessed their database of email addresses and encrypted passwords, leaving their customers at risk.

How did they fix it?

SheIn hired a cyber-security specialist that identified and removed the malware. They then notified their customers, providing instructions on how to change their passwords and promised ‘one year of identity theft monitoring to affected customers in certain markets.’

In their email, SheIn advised that customers affected should ’place a fraud alert’ on their existing credit lines to protect them from identity theft.

4. Saks & Lord and Taylor

What happened?

Cybercriminals retrieved more than five million credit card numbers from Saks Fifth Avenue and Lord & Taylor stores in North America. The criminals stole them from the cash register systems within the retailer’s stores.

How did they fix it?

Saks & Lord and Taylor contacted their customers quickly and offered identity protection services. What’s more, they specifically set up a call centre to provide help and more information.

How much does a security breach really cost?

The average cost of a data breach in the retail industry is just under $2 million (£1.55 million).

But it’s not just the financial burden you should worry about. A data breach can ultimately affect your customer loyalty and trust. As much as a data breach can be fixed, your broken reputation is a much harder problem to solve.

To avoid these costs, you need to take proactive steps to keep your retail business’s security watertight.

On top of clear company policies and employee education, you’ll need to implement a secure system - like Microsoft 365.

How Microsoft 365 prevents security breaches

Microsoft is dedicated to offering the best security measures on the market. Here are three ways Microsoft 365 can help your retail business specifically.

1. Advanced Threat Protection (ATP)

ATP secures your company against ransomware and phishing schemes through attachment scanning and analysis. This both exposes and eliminates dangerous emails and messages before your employees can click on malicious links or documents.

2. Multi-factor authentication

Human error is still a major factor contributing to security breaches. Single-factor authentication leaves your retail business vulnerable to unauthorised access, from both cybercriminals as well as your own employees.

It is not enough to only protect from the outside in – you must ensure that only the right individuals have access to your most critical data. Microsoft 365 automatically implements multi-factor authentication for all employees, helping to keep your assets safe.

3. Data loss prevention (DLP)

A data loss prevention policy allows your business to use and share your data , without granting access to unauthorized persons. You can gain better control over your data by creating a custom DLP in Office 365’s Security and Compliance centre.

This prevents individuals from accidentally or intentionally sharing sensitive information with unauthorised users.

Stay protected

Don’t become another retail use case on this list.

Implementing the right security measures will help you avoid security breaches, protect your customers and keep your business goals on track.

To find out more about securing your business, take a look at our retail IT security checklist.