Retail News, Articles and Updates

Best Buy payment info compromised in [24]7.ai breach; malware reportedly suspected

Consumer electronics retailer Best Buy on Thursday became the third major company to acknowledge that a portion of its customer payment information was exposed in a data breach of third-party chat and customer engagement services provider [24]7.ai.

Malicious bot traffic climbs 9.5 percent in 2017, says report

The number of malicious bots circulating around the internet and impacting website performance increased by 9.5 in 2017, accounting for 21.8 percent of all traffic, according to a new report today from bot detection and mitigation firm Distil Networks, based on data collected from its global network.

Evolved Prilex malware lets cybercriminals clone chip and PIN cards

Prilex, a point-of-sale malware program that's historically been used to steal money or payment card information Brazilian ATMs and retailers, has now evolved into a comprehensive tool suite that lets cybercriminals steal chip and PIN card data and create their own functioning, fraudulent plastic cards.

Staybridge Suites Lexington Hotel hit with data breach

The Staybridge Suites Lexington was hit with what appears to be a point of sales data breach that took place when several devices at the Kentucky hotel were hit with malware.

UDPoS malware spotted exfiltrating credit card data via DNS server

The first new point of sale (POS) malware seen in quite a while was spotted disguised as a LogMeIn service pack exfiltrating data via a DNS server.

Jason's Deli reports possible POS data breach

The 266-location Jason's Deli is notifying its customers that their payment card information may have been compromised through a point of sale data breach.

LockPoS malware adopts injection technique to evade detection

LockPoS, a point-of-sale malware program discovered in 2017 stealing payment card data from computers' memory, is now using a new malware injection technique designed to bypass antivirus hooks and evade detection.

Forever 21 blames POS malware, lapses in encryption, for payment card data compromise

A POS malware infection was responsible for compromising payment card data collected at certain Forever 21 stores last year -- an attack that was exacerbated by a lack of encryption on some devices, the apparel retailer stated.

Retailers still in need of data breach response plan

Between the holiday shopping season now being in full swing and the growing number of retailers hit with data breaches Tripwire was surprised that a recent survey it conducted found a large percentage of retailers had no data breach response plan in place.

Top 10 ways to stay safe while shopping online this holiday season

Cyber Monday may still be "a thing" but online shopping for the holidays is already well under way. With that in mind Malwarebyte's has pulled together a list of safe trips for all those who would rather not brave the crowds and weather and shop from home.

Forever 21 reports data breach, failed to turn on POS encryption

The clothing retailer Forever 21 reported today that some of its payment card systems had been breached when the installed encryption was not activated.

Hilton to pay $700,000 in data breach settlement with New York, Vermont

Hilton hotels has reached a $700,000 joint settlement with the New York Attorney General's office for a pair of data breaches that were discovered in 2015, including one that exposed more than 350,000 credit card numbers.

Spammed in 30 minutes or less: Domino's Australia warns of email campaign, third-party breach

Domino's Pizza Australia has disclosed that a data breach at one of its third-party suppliers may have resulted in a spam campaign aimed at customers of the restaurant and food delivery chain.

Delayed delivery? Pizza Hut waits two weeks to disclose payment card data breach

Any way you slice it, it's not great news for Pizza Hut customers who learned on Saturday that their personal data was stolen during an Oct. 1-2 breach of the Italian food chain's website.

Point-of-sale data breach bad for Whole Foods' health

Amazon's recent supermarket acquisition Whole Foods Market disclosed on Thursday that its has suffered a point-of-sale data breach that compromised the payment card information of customers who used its taprooms and full table-service restaurants.

Sonic hit with class action suit over POS data breach

Two Sonic Drive-In customers are taking legal action against Sonic for allowing their payment card data to possibly have been compromised when the fast-food chain's POS system was hacked and are demanding the company pay for credit monitoring services for those affected.

SAP addresses high-priority POS server flaw on Patch Tuesday

SAP on Tuesday released a dozen security notes after developing patches for a series of vulnerabilities, including a high-priority flaw in its Point of Sale Retail Xpress Server that could expose the server to attackers.

Bank websites struggle, consumer services sites shine in online trust assessment

An annual audit of more than 1,000 top websites found that 52 percent have highly trustworthy cybersecurity and privacy practices, yet 46 percent failed the assessment altogether, with bank sites surprisingly faring worst of all.

Jaff ransomware server also hosting Dark Web PII fencing operation

WannaCry ransomware stole most of the headlines in May, but researchers have noted that Jaff ransomware, which was wreaking havoc at the same time, is being operated from the same server as a large Dark Web department store.

Data breach rattles Sabre: Intrusion into hotel reservations system revealed

Sabre Corporation, a $3.37 billion company that provides technology solutions to airline and hotel companies, has disclosed a breach of its Hospitality Solutions SynXis Central Reservations system, which may have exposed consumers' payment card data and personally identifiable information.

Hacker served Shoney's POS malware for three months

Best American Hospitality Corp. reported that 37 Shoney's restaurants it manages and operates were hit with point-of-sale (POS) malware starting in late December and lasting through early March.

GameStop investigating point of sale data breach

GameStop is investigating a possible payment card breach on the retailer's GameStop.com online store, according to published reports.

Hacker compromises nearly 100k McDonald's Canada job applications

The McDonald's Canada career website has suffered a data breach that compromised about 95,000 restaurant job applications, the fast-food giant acknowledged on Friday in a company statement.

Insurer sues Rosen Hotels over data breach payments

St. Paul Fire & Marine Insurance has filed a lawsuit asking a Florida judge to formally state that the insurance company is not responsible for paying any costs related to a data breach that took place at Rosen Hotels & Resorts.

Food court: Arby's reportedly faces 8 lawsuits resulting from breach

Fast-foot chain Arby's is now facing a total of eight lawsuits stemming from a data breach that was discovered in February and affected around 1,000 locations, the AP has reported.