The Data Devils Wear Prada
Cyber criminals would probably say data breaches are always in fashion. Now, with French luxury retailer Louis Vuitton sending out breach notifications to customers in several countries, you could say they truly are in fashion.
Customers in South Korea, Turkey and the UK were alerted that personal data including their names and contact information was accessed by unauthorized parties. No payment information was contained in the database accessed, and an investigation is ongoing.
This breach comes less than two months after an incident with Adidas, who disclosed that hackers hit a third-party vendor, which also contained contact data for Adidas customers. Victoria’s Secret had a cyberattack around the same time, which forced it to temporarily take down its website. Retailers have been high value targets for bad actors in recent months, and these incidents themselves came on the heels of breaches at Dior, Marks & Spencer (which cost them $400 million), and Harrods in the UK. For Marks & Spencer, their breach resulted in loss of sales and additional expenses needed to manually operate processes during recovery. “These attacks are not isolated events,” says Ryan Sherstobitoff, SVP of Threat Research & Intelligence at SecurityScorecard, “they represent a growing pattern exposing a deeper, systematic vulnerability within the retail industry.”
Some of these breaches involved the ransomware group known as DragonForce, which relies on phishing emails, using stolen credentials to gain a foothold in a network, and exploiting vulnerabilities for financial gain. DragonForce also offers a “white-label” option for a fee, allowing its users to mask their ransomware as a different strain, boosting evasion.
When third-party associates become the weak link in the supply chain, it puts all of their partners at extra risk. How can one be assured of the security hygiene of those outside its organization?
Well, when bad actors finally breach a company’s perimeter, that’s when keeping your data locked down comes into play. Encrypting sensitive data makes it illegible, thus frustrating attempts to use it for fraud. NetLib Security’s Encryptionizer product is just such a frustration for cyber criminals, though the very opposite for users. Transparently encrypting stored data across all environments – physical, virtual and cloud – with no additional programming needed, can be the difference between a successfully deflected data breach, or tripping on the runway.