The retail industry isn’t immune from hackers. As many people who shopped at Target and Home Depot found out, it’s surprisingly easy for skilled hackers to steal credit and debit card information for hundreds of people. In this article, we’ll explore three other cases of security breaches in the retail industry, concerning British Airways, UPS, and BlueToad.
1 Million Apple UDIDs Publicly Released by Hackers
In 2012, the Apple UDID debacle brought a lot of trouble for the FBI, Apple, and ultimately BlueToad. Apple uses Unique Device Identifiers, or UDID, for each of their computers. This information along with names and usernames of device owners was published in a massive data dump by hacktivist collective AntiSec.
AntiSec claimed that the data was retrieved from an FBI laptop, but the FBI denied the claim. Apple also issued a statement saying that this information was never requested by or released to the FBI.
People with Apple computers from the UK, Germany, Poland, and the United States claimed that their UDIDs were on the list dumped by AntiSec. The debacle had everyone searching for the one app that was responsible for the leak and that would have all of these UDIDs in common.
In the end, BlueToad confessed that it was the victim of a cyberattack which resulted in the theft of Apple UDIDs from their systems. Interestingly, Apple has been trying to move away from the use of UDIDs for privacy reasons.
BlueToad sells services to publishers that allow them to move content to mobile devices. A computer security professional named David Schuetz discovered that BlueToad was the likely source before the company released their statement. From what BlueToad has to say there may have been multiple security breaches.
51 UPS Franchises May Have Been Compromised by Hackers
In 2014, UPS announced that they had been hacked. As of August 2014, the threat was eliminated leaving customers to shop again safely at UPS. But in January of the same year, malware infiltrated the system affecting 51 franchises in over 24 states. That comes out to 4,470 locations.
The information that was potentially taken included debit and credit card information for UPS customers. What’s also concerning is that in some cases the names, addresses, and email addresses were leaked as well. UPS did not specify how many customers or transactions were affected, but considering the length of time the malware was active, the number is bound to be large.
As an answer to the security breach, UPS set up information on its website offering identity protection and credit monitoring services for those affected by the breach. But the good news is that at the time of reporting, there had been no evidence of fraudulent activity as a result of this breach.
Hackers Access Tens of Thousands of British Airways Frequent-Flyer Accounts
As recently as March of 2015, British Airways announced that there had been some unauthorized activity in relation to a small number of frequent-flyer executive club accounts. According to the news, the number is somewhere in the tens of thousands.
According to British Airways, no names, addresses, banking or credit card details were accessed as the result of this breach. It is believed that the hack was carried out by an automated computer program looking for vulnerabilities.
As a precaution, British Airways temporarily locked down access to all accounts. In a statement, the company reassured costumers that none of their personally identifiable information was taken, and that they will take steps to ensure the future security of these accounts.
Consequences of Large Retail Security Breaches
It’s not surprising that hackers would target the retail industry. After all, it’s a good way to obtain a large amount of sensitive information like debit and credit cards. Fortunately for consumers, many of the hacks weren’t as detrimental as the hackers would have liked them to be.
It’s not always easy to connect stolen credit card information with the related security breach, mainly because of the large number of breaches in recent years. If a consumer shopped at UPS, Target, and Home Depot during the times when each company was victim of a breach, a consumer may be the victim of credit card fraud each time. For breaches that happen simultaneously, it’s even harder to tell what caused the fraud.
On the bright side, as a result of security breaches resulting in massive data loss organizations are increasingly adopting the chip technology that’s already widely in use in European countries. Making credit card transactions more secure is a step that was long overdue.
eFileCabinet and Cybersecurity
While the Cloud offers many advantages, including the ability to view and edit information from any location on any device, cybersecurity concerns are very real. eFileCabinet takes the security of your files quite seriously and protects your information with data encryption. Whether you view, edit, or archive files online, we always encrypt the data. We also provide you with the ability to set up role-based user access which limits the information each of your employees has access to.