Retail News, Articles and Updates

Insecure server holding U.K. fashion retailers' customer data breached by white hat

A server containing a database holding customer information pertaining to various U.K.-based online fashion retailers was discovered to be insecure after it was breached by a white-hat hacker on July 9.

Report: Thieves may have hacked Detroit gas pump to steal $1,800 of fuel

A gas station in Detroit is reportedly out roughly $1,800 after an unknown party apparently used a device to hack one of its pumps to dispense free gasoline.

Tread carefully: Adidas U.S. retail website breached

Several million online retail customers of German shoe and apparel manufacturer Adidas may have had their personal information compromised in a data breach involving an unauthorized third party.

Rail Europe North America discloses breach of e-commerce IT platform

U.S. residents who purchased European train tickets through Rail Europe North America (RENA) may be affected by a nearly three-month data breach/compromise of its e-commerce websites' IT platform that started late last year.

Buried no more: Source code for TreasureHunter POS malware leaked on forum

Someone has leaked the source code for well-established point-of-sale malware TreasureHunter onto an underground Russian-speaking forum, and already cybercriminals are talking about how to further improve and weaponize it now that it's available to the masses.

Simple, but not cheap, phishing kit found for sale on Dark Web

Cybercriminals are nothing if not attuned to finding new customers for their wares, as Check Point and CyberInt have come across a next-generation phishing kit for sale on the Dark Web geared toward the neophyte, but discerning, hacker.

Best Buy payment info compromised in [24]7.ai breach; malware reportedly suspected

Consumer electronics retailer Best Buy on Thursday became the third major company to acknowledge that a portion of its customer payment information was exposed in a data breach of third-party chat and customer engagement services provider [24]7.ai.

Malicious bot traffic climbs 9.5 percent in 2017, says report

The number of malicious bots circulating around the internet and impacting website performance increased by 9.5 percent in 2017, accounting for 21.8 percent of all traffic, according to a new report today from bot detection and mitigation firm Distil Networks, based on data collected from its global network.

Evolved Prilex malware lets cybercriminals clone chip and PIN cards

Prilex, a point-of-sale malware program that's historically been used to steal money or payment card information from Brazilian ATMs and retailers, has now evolved into a comprehensive tool suite that lets cybercriminals steal chip and PIN card data and create their own functioning, fraudulent plastic cards.

Staybridge Suites Lexington Hotel hit with data breach

The Staybridge Suites Lexington was hit with what appears to be a point-of-sale data breach that took place when several devices at the Kentucky hotel were infected with malware.

UDPoS malware spotted exfiltrating credit card data via DNS server

The first new point of sale (POS) malware seen in quite a while was spotted disguised as a LogMeIn service pack exfiltrating data via a DNS server.

Jason's Deli reports possible POS data breach

The 266-location Jason's Deli is notifying its customers that their payment card information may have been compromised through a point of sale data breach.

LockPoS malware adopts injection technique to evade detection

LockPoS, a point-of-sale malware program discovered in 2017 stealing payment card data from computers' memory, is now using a new malware injection technique designed to bypass antivirus hooks and evade detection.

Forever 21 blames POS malware, lapses in encryption, for payment card data compromise

A POS malware infection was responsible for compromising payment card data collected at certain Forever 21 stores last year -- an attack that was exacerbated by a lack of encryption on some devices, the apparel retailer stated.

Retailers still in need of data breach response plan

Between the holiday shopping season now being in full swing and the growing number of retailers hit with data breaches, Tripwire was surprised that a recent survey it conducted found a large percentage of retailers had no data breach response plan in place.

Top 10 ways to stay safe while shopping online this holiday season

Cyber Monday may still be "a thing" but online shopping for the holidays is already well under way. With that in mind, Malwarebytes has pulled together a list of safety tips for all those who would rather not brave the crowds and weather and shop from home.

Forever 21 reports data breach, failed to turn on POS encryption

The clothing retailer Forever 21 reported today that some of its payment card systems had been breached when the installed encryption was not activated.

Hilton to pay $700,000 in data breach settlement with New York, Vermont

Hilton hotels has reached a $700,000 joint settlement with the New York Attorney General's office for a pair of data breaches that were discovered in 2015, including one that exposed more than 350,000 credit card numbers.

Spammed in 30 minutes or less: Domino's Australia warns of email campaign, third-party breach

Domino's Pizza Australia has disclosed that a data breach at one of its third-party suppliers may have resulted in a spam campaign aimed at customers of the restaurant and food delivery chain.

Delayed delivery? Pizza Hut waits two weeks to disclose payment card data breach

Any way you slice it, it's not great news for Pizza Hut customers who learned on Saturday that their personal data was stolen during an Oct. 1-2 breach of the Italian food chain's website.

Point-of-sale data breach bad for Whole Foods' health

Amazon's recent supermarket acquisition Whole Foods Market disclosed on Thursday that it has suffered a point-of-sale data breach that compromised the payment card information of customers who used its taprooms and full table-service restaurants.

Sonic hit with class action suit over POS data breach

Two Sonic Drive-In customers are taking legal action against Sonic for allowing their payment card data to possibly have been compromised when the fast-food chain's POS system was hacked, and are demanding the company pay for credit monitoring services for those affected.

SAP addresses high-priority POS server flaw on Patch Tuesday

SAP on Tuesday released a dozen security notes after developing patches for a series of vulnerabilities, including a high-priority flaw in its Point of Sale Retail Xpress Server that could expose the server to attackers.