Retail News, Articles and Updates

Rail Europe North America discloses breach of e-commerce IT platform

U.S. residents who purchased European train tickets through Rail Europe North America (RENA) may be affected by a nearly three-month data breach/compromise of its e-commerce websites' IT platform that started late last year.

Buried no more: Source code for TreasureHunter POS malware leaked on forum

Someone has leaked the source code for well-established point-of-sale malware TreasureHunter onto an underground Russian-speaking forum, and already cybercriminals are talking about how to further improve and weaponize it now that it's available to the masses.

Simple, but not cheap, phishing kit found for sale on Dark Web

Cybercriminals are nothing if not attuned to finding new customers for their wares, as Check Point and CyberInt have come across a next-generation phishing kit for sale on the Dark Web geared toward the neophyte, but discerning, hacker.

Best Buy payment info compromised in [24]7.ai breach; malware reportedly suspected

Consumer electronics retailer Best Buy on Thursday became the third major company to acknowledge that a portion of its customer payment information was exposed in a data breach of third-party chat and customer engagement services provider [24]7.ai.

Malicious bot traffic climbs 9.5 percent in 2017, says report

The number of malicious bots circulating around the internet and impacting website performance increased by 9.5 percent in 2017, accounting for 21.8 percent of all traffic, according to a new report today from bot detection and mitigation firm Distil Networks, based on data collected from its global network.

Evolved Prilex malware lets cybercriminals clone chip and PIN cards

Prilex, a point-of-sale malware program that's historically been used to steal money or payment card information from Brazilian ATMs and retailers, has now evolved into a comprehensive tool suite that lets cybercriminals steal chip and PIN card data and create their own functioning, fraudulent plastic cards.

Staybridge Suites Lexington Hotel hit with data breach

The Staybridge Suites Lexington was hit with what appears to be a point-of-sale data breach that took place when several devices at the Kentucky hotel were hit with malware.

UDPoS malware spotted exfiltrating credit card data via DNS server

The first new point of sale (POS) malware seen in quite a while was spotted disguised as a LogMeIn service pack exfiltrating data via a DNS server.

Jason's Deli reports possible POS data breach

The 266-location Jason's Deli is notifying its customers that their payment card information may have been compromised through a point of sale data breach.

LockPoS malware adopts injection technique to evade detection

LockPoS, a point-of-sale malware program discovered in 2017 stealing payment card data from computers' memory, is now using a new malware injection technique designed to bypass antivirus hooks and evade detection.

Forever 21 blames POS malware, lapses in encryption, for payment card data compromise

A POS malware infection was responsible for compromising payment card data collected at certain Forever 21 stores last year -- an attack that was exacerbated by a lack of encryption on some devices, the apparel retailer stated.

Retailers still in need of data breach response plan

Between the holiday shopping season now being in full swing and the growing number of retailers hit with data breaches, Tripwire was surprised that a recent survey it conducted found a large percentage of retailers had no data breach response plan in place.

Top 10 ways to stay safe while shopping online this holiday season

Cyber Monday may still be "a thing" but online shopping for the holidays is already well under way. With that in mind, Malwarebytes has pulled together a list of safety tips for all those who would rather not brave the crowds and weather and shop from home.

Forever 21 reports data breach, failed to turn on POS encryption

The clothing retailer Forever 21 reported today that some of its payment card systems had been breached when the installed encryption was not activated.

Hilton to pay $700,000 in data breach settlement with New York, Vermont

Hilton hotels has reached a $700,000 joint settlement with the New York Attorney General's office for a pair of data breaches that were discovered in 2015, including one that exposed more than 350,000 credit card numbers.

Spammed in 30 minutes or less: Domino's Australia warns of email campaign, third-party breach

Domino's Pizza Australia has disclosed that a data breach at one of its third-party suppliers may have resulted in a spam campaign aimed at customers of the restaurant and food delivery chain.

Delayed delivery? Pizza Hut waits two weeks to disclose payment card data breach

Any way you slice it, it's not great news for Pizza Hut customers who learned on Saturday that their personal data was stolen during an Oct. 1-2 breach of the Italian food chain's website.

Point-of-sale data breach bad for Whole Foods' health

Amazon's recent supermarket acquisition Whole Foods Market disclosed on Thursday that it has suffered a point-of-sale data breach that compromised the payment card information of customers who used its taprooms and full table-service restaurants.

Sonic hit with class action suit over POS data breach

Two Sonic Drive-In customers are taking legal action against Sonic for allowing their payment card data to possibly have been compromised when the fast-food chain's POS system was hacked and are demanding the company pay for credit monitoring services for those affected.

SAP addresses high-priority POS server flaw on Patch Tuesday

SAP on Tuesday released a dozen security notes after developing patches for a series of vulnerabilities, including a high-priority flaw in its Point of Sale Retail Xpress Server that could expose the server to attackers.

Bank websites struggle, consumer services sites shine in online trust assessment

An annual audit of more than 1,000 top websites found that 52 percent have highly trustworthy cybersecurity and privacy practices, yet 46 percent failed the assessment altogether, with bank sites surprisingly faring worst of all.

Jaff ransomware server also hosting Dark Web PII fencing operation

WannaCry ransomware stole most of the headlines in May, but researchers have noted that Jaff ransomware, which was wreaking havoc at the same time, is being operated from the same server as a large Dark Web department store.

Data breach rattles Sabre: Intrusion into hotel reservations system revealed

Sabre Corporation, a $3.37 billion company that provides technology solutions to airline and hotel companies, has disclosed a breach of its Hospitality Solutions SynXis Central Reservations system, which may have exposed consumers' payment card data and personally identifiable information.

Hacker served Shoney's POS malware for three months

Best American Hospitality Corp. reported that 37 Shoney's restaurants it manages and operates were hit with point-of-sale (POS) malware starting in late December and lasting through early March.