Retail News, Articles and Updates

Retailers still in need of data breach response plan

Between the holiday shopping season now being in full swing and the growing number of retailers hit with data breaches Tripwire was surprised that a recent survey it conducted found a large percentage of retailers had no data breach response plan in place.

Top 10 ways to stay safe while shopping online this holiday season

Cyber Monday may still be "a thing" but online shopping for the holidays is already well under way. With that in mind Malwarebyte's has pulled together a list of safe trips for all those who would rather not brave the crowds and weather and shop from home.

Forever 21 reports data breach, failed to turn on POS encryption

The clothing retailer Forever 21 reported today that some of its payment card systems had been breached when the installed encryption was not activated.

Hilton to pay $700,000 in data breach settlement with New York, Vermont

Hilton hotels has reached a $700,000 joint settlement with the New York Attorney General's office for a pair of data breaches that were discovered in 2015, including one that exposed more than 350,000 credit card numbers.

Spammed in 30 minutes or less: Domino's Australia warns of email campaign, third-party breach

Domino's Pizza Australia has disclosed that a data breach at one of its third-party suppliers may have resulted in a spam campaign aimed at customers of the restaurant and food delivery chain.

Delayed delivery? Pizza Hut waits two weeks to disclose payment card data breach

Any way you slice it, it's not great news for Pizza Hut customers who learned on Saturday that their personal data was stolen during an Oct. 1-2 breach of the Italian food chain's website.

Point-of-sale data breach bad for Whole Foods' health

Amazon's recent supermarket acquisition Whole Foods Market disclosed on Thursday that its has suffered a point-of-sale data breach that compromised the payment card information of customers who used its taprooms and full table-service restaurants.

Sonic hit with class action suit over POS data breach

Two Sonic Drive-In customers are taking legal action against Sonic for allowing their payment card data to possibly have been compromised when the fast-food chain's POS system was hacked and are demanding the company pay for credit monitoring services for those affected.

SAP addresses high-priority POS server flaw on Patch Tuesday

SAP on Tuesday released a dozen security notes after developing patches for a series of vulnerabilities, including a high-priority flaw in its Point of Sale Retail Xpress Server that could expose the server to attackers.

Bank websites struggle, consumer services sites shine in online trust assessment

An annual audit of more than 1,000 top websites found that 52 percent have highly trustworthy cybersecurity and privacy practices, yet 46 percent failed the assessment altogether, with bank sites surprisingly faring worst of all.

Jaff ransomware server also hosting Dark Web PII fencing operation

WannaCry ransomware stole most of the headlines in May, but researchers have noted that Jaff ransomware, which was wreaking havoc at the same time, is being operated from the same server as a large Dark Web department store.

Data breach rattles Sabre: Intrusion into hotel reservations system revealed

Sabre Corporation, a $3.37 billion company that provides technology solutions to airline and hotel companies, has disclosed a breach of its Hospitality Solutions SynXis Central Reservations system, which may have exposed consumers' payment card data and personally identifiable information.

Hacker served Shoney's POS malware for three months

Best American Hospitality Corp. reported that 37 Shoney's restaurants it manages and operates were hit with point-of-sale (POS) malware starting in late December and lasting through early March.

GameStop investigating point of sale data breach

GameStop is investigating a possible payment card breach on the retailer's GameStop.com online store, according to published reports.

Hacker compromises nearly 100k McDonald's Canada job applications

The McDonald's Canada career website has suffered a data breach that compromised about 95,000 restaurant job applications, the fast-food giant acknowledged on Friday in a company statement.

Insurer sues Rosen Hotels over data breach payments

St. Paul Fire & Marine Insurance has filed a lawsuit asking a Florida judge to formally state that the insurance company is not responsible for paying any costs related to a data breach that took place at Rosen Hotels & Resorts.

Food court: Arby's reportedly faces 8 lawsuits resulting from breach

Fast-foot chain Arby's is now facing a total of eight lawsuits stemming from a data breach that was discovered in February and affected around 1,000 locations, the AP has reported.

Saks Fifth Avenue leaves customer data exposed

Saks Fifth Avenue reportedly exposed the personal information of tens of thousands of customers in plain text on publically accessible pages.

Verifone calls security breach 'limited,' after quick response

The company said attackers didn't target merchants and the security and integrity of its networks remained intact.

Cylance says RawPOS is back with a fresh new signature, not much else

The California-based security has published an analysis which claims not much effort has been put into the new variant, and as a result was a doddle to catch.

The retail industry steps up the fight against cyber-threats

The British Retail Consortium releases practical guidance for British retail businesses to ensure they have the appropriate preventative and response measures in place to reduce their vulnerabilities and to protect both themselves and their customers.

Arby's hit with POS breach, 1,100 stores possibly affected

The fast food restaurant chain Arby's has suffered a breach involving the payment card systems in up to 1,100 of its locations.

Bed-lam: 1,100 furniture company employees' W-2 info exposed in spoofing scam

Furniture manufacturer and retailer Mitchell Gold + Bob Williams mistakenly furnished a cybercriminal operation with its employees' W-2 information after falling for a phishing scam that used a spoofed email address.

15 million affected by ID fraud, report

The number of people hit with identity fraud and the total monetary loss due to this crime increased dramatically in 2016 with more than 15 million people losing a combined $16 billion.

Unhappy meal: McDonald's website doesn't securely protect passwords, researcher finds

Registered users of McDonald's website are susceptible to credential theft due to the combination of a cross-site scripting (XSS) vulnerability and a cryptographic storage vulnerability, a researcher has found.