
The bebe Hack: Guarding Against Cyberbreach During the Holiday Shopping Season


On Friday, retail chain bebe announced that it had identified an attack on computers that operate the in-store payment processing system. The attack may have exposed data from cards swiped in retail locations in the U.S., Puerto Rico, and the U.S. Virgin Islands between Nov. 8 and Nov. 26, including cardholder name, account number, expiration date and verification code. The breach did not impact customers who shopped online or in other international locations, bebe reported, and the company has hired a security firm to stop and investigate the attack.

Almost exactly a year after the massive Target hack, this latest incident comes after a steady stream of sizable breaches among retailers, including Home Depot, JPMorgan Chase and eBay. Consumers have begun to find these hacks increasingly less surprising, and stopped paying as much attention – a phenomenon many are calling “breach fatigue.”

But companies are not entirely off the hook. While Target is on the rebound and subsequent breach victims have endured less damage to consumer perception, these cybersecurity incidents still demand a notable amount of contingency planning and mitigation.

According to public relations and social media firm Affect, there are four keys to protecting brand reputation in the event of a security breach:

1) Develop a Fully Locked and Loaded Response Plan

In the digital age, it is essential to have a cyber attack plan in place as part of an organization’s crisis management strategy. Companies can get ahead of a crisis by leveraging social media to defuse damaging situations. In order to prepare, be sure to anticipate and understand the kinds of threats that could influence your business and your industry.

“There are four phases of crisis communications: readiness, response, reassurance and recovery,” said Sandra Fathi, president of Affect. “In order to properly respond to a crisis, each stage must be ready to go at a moment’s notice — develop materials such as messages and prepared statements, prepare delivery channels like hotlines and social media platforms and train employees regarding awareness and organizational procedures.”

2) The Customer is Top Priority

Arguably the most important step in maintaining a brand’s image amid a breach is to be honest with customers and inform them about what has occurred — the sooner the better, especially if their personal information is at stake. In fact, 47 states have Security Breach Notification Laws that govern communication with customers in the face of a security breach, including the timeline for those communications. Several weeks elapsed before Target released an official statement to its customers and, as a result, the company experienced massive backlash from customers, other organizations and the media alike.

Adam Levin, chairman and founder of IDT911, a provider of data risk and identity management services, believes every company needs to demonstrate three things in the wake of a data breach. “Urgency, transparency, and empathy are all critical. I don’t think they [Target] showed enough of those three,” Levin said in an interview with ABCNews.com. Not being upfront with customers can result in a loss of confidence in the brand that can hinder not only the company’s reputation, but could lead to a loss in revenue.

3) Monitor the Situation in Real-Time

Social media can be a powerful tool but “with great power comes great responsibility.” While positive engagements boost a brand’s respect, companies must always monitor for negative interactions in real-time and be even more stringent during a security breach, as customers will turn to social media to respond to situations, regardless of their allegiance to the brand. Develop a Social Media Response Map that outlines anticipated situations and correlated standard responses to avoid any last minute shuffle. Don’t shy away from angry customers that continuously post adverse comments. Depending on the situation, it may be worthwhile to engage with these individuals in a private forum and resolve their concerns, taking the negative sentiments offline.

4) Don’t Repeat the Same Mistakes

For brands, it is especially important to not make the same mistakes twice. Customers may or may not forgive a first offense, so a second go-around is even harder to rebound from. Companies must carefully document and analyze each breach to identify how it happened, why it happened and how to prevent such an event in the future. Consider changing security vendors, deploying new software, re-training staff and amending company policies. It is also important to communicate these changes to customers to reassure them that a similar breach will not recur.

Home Depot Confirms Massive Data Breach


On Monday, Home Depot confirmed that a breach of its payment data systems may have exposed customer card data across the United States and Canada. The breach appears to have begun in April, allowing hackers to steal an untold amount of shopper information including credit card numbers.


The home improvement giant disclosed on Sept. 2 that it was investigating reports of “unusual activity” and, a week later, determined that any customer who used a card in the U.S. or Canada is at risk, though the breach does not appear to impact shoppers online or at retail stores in Mexico. In an official statement, the company assured that no one would be held responsible for fraudulent charges and offered free identity protection services, including credit monitoring, to anyone who has shopped at one of its locations since April.

As with the massive Target data breach, the Home Depot news was first broken by cybersecurity journalist Brian Krebs. The data went up for sale on rescator.so, the same underground store that sold credit card information from the Target and P.F. Chang’s breaches, and may have been stolen by the same group of hackers. Krebs reported, “In what can only be interpreted as intended retribution for U.S. and European sanctions against Russia for its aggressive actions in Ukraine, this crime shop has named its newest batch of cards ‘American Sanctions.’ Stolen cards issued by European banks that were used in compromised U.S. store locations are being sold under a new batch of cards labeled ‘European Sanctions.’”

Given the five-month duration, this breach may be many times larger than the Target attack, which exposed 40 million credit and debit cards and the personal data of 70 million customers in three weeks. The Target breach led to the resignation of its CEO and cost the company almost $150 million in the second quarter alone, according to the New York Times. In fact, the toll may reach ever higher. “I don’t see how they’re getting out of this for under a billion, over time,” John Kindervag, the vice president and principal analyst with Forrester Research, told the Times, adding, “$150 million in a quarter seems almost like a bargain.” Beyond the company itself, Javelin Strategy and Research reported at the time that total damage to banks and retailers could surpass billion, and consumers could be liable for more than billion in uncovered losses and other costs.


One of the most promising ways to increase point-of-sale security is through the adoption of EMV chip technology, as discussed in the March issue of Risk Management. In Europe, 81% of cards have EMV chips, and countries that have adopted the technology saw sharp declines in credit card fraud. In England, for example, the amount of fraud per transaction has dropped 57% since 2002, while it has risen almost 70% in the United States over the same period, according to consulting firm Celent. As part of its breach response, Home Depot announced plans to escalate adoption of EMV, installing “chip and PIN” checkout terminals throughout its U.S. stores by the end of the year. Target made a similar move in April, saying that it will issue its branded REDcard credit, debit and co-branded credit cards with MasterCard chip technology beginning next year.

No More Kindles for Walmart

In the March issue of Risk Management, I wrote an article that discussed, among other things, how brick-and-mortar retailers were struggling with the phenomenon of “showrooming,” where shoppers browse store shelves to examine items that they ultimately buy online from competitors like Amazon for a lower price. One strategy that Target was using to keep customers in their stores was to offer more exclusive items, such as clothing lines from famous fashion designers like Kirna Zabete, Jason Wu or Missoni. Then in May, Target upped the ante by announcing that it would no longer sell Amazon’s Kindle e-readers and tablets. Although the retailer didn’t offer much in the way of explanation, it was obvious that Target now considered Amazon to be a real competitor capable of disrupting the market and was going to treat it as such.

Yesterday the world’s largest retailer followed suit as Walmart announced that it was dropping Kindles as well. Although the Kindle has been around since 2007, it seems that the debut of the Kindle Fire tablets was the last straw. Unlike their predecessors, which were purely e-readers, the Fires are portable web browsers and media players that enable customers to more easily purchase many more items online, especially from Amazon.

“The Kindle Fire is the Trojan horse,” said Andrew Rhomberg, the chief executive of Jellybooks, an e-book recommendation site. “It’s a shopping platform that covers so many more categories than e-books. It affects Walmart in a different way than the early Kindles and e-readers did.”

Basically by stocking Kindles, Walmart and Target were providing their customers with the keys to the online retail world, which could, in effect, wind up cannibalizing their own sales figures and brand strength. It’s probably wise not to be the instrument of your own destruction.

Of course, whether or not this move will have any effect remains to be seen. After all, Walmart still sells iPads.