digital dialogue By Jacque Brittain, LPC
How Will Retail Respond to a New Wave of Cyber Crime? T
he retail industry faced unprecedented cyber crime conflicts in 2014 with a barrage of data breach incidents that exposed hundreds of millions of retail customers to the long and often international reach of a growing breed of criminal. Data breaches and other cyber-crime insults were a regular and consistent occurrence across retail channels, resulting in significant changes in both approach and practice for many retail organizations. Cyber crime remained a primary topic across digital channels once again in 2015 with cyber criminals hacking into everything from the Ashley Madison database—which proudly boasts it is “the most famous name in infidelity and married dating” website—to prison phones to CIA Director John Brennan’s AOL account. Personal information belonging to more than 178 million Americans was exposed in cyber attacks, according to the Identity Theft Research Center. Lessons learned took us in several different directions. Government data breaches including the breach of the Office of Personnel Management exposed the personal information of tens of millions of Americans and made it clear that our own government agencies are actually lagging behind in the area of data protection and are in desperate need of fortification. On the other end of the spectrum, the self-proclaimed adulterers' website claims that the publicity from the data breach has actually increased their traffic and popularity. Go figure.
Retail Cyber Crime
The retail industry has responded aggressively to the threat of cyber crime, increasing awareness, enhancing education and training opportunities, restructuring responsibilities, and adding new positions to better prepare for such threats. But while the industry didn’t face the bombardment of attacks that occurred in 2014, retailers certainly didn’t escape unscathed in 2015 as the following examples illustrate. Pharmacy chain CVS was forced to take down its online photo print ordering site as the result of a data breach.
60
January–February 2016
Brittain is editorial director, digital, for LP Magazine. Formerly a director of learning design and certification, Brittain managed the development of the LPC and LPQ certification programs in collaboration with the Loss Prevention Foundation. Prior to that he was vice president of operations for the industry’s largest executive search and consulting firm. In his thirty-plus years in the LP industry, he has helped build and enhance many learning initiatives and provided career counseling for thousands of industry professionals. Brittain can be reached at jacb@lpportal.com or by phone at 704-246-3143.
Walmart Canada then reported it was investigating a similar breach of its online photo website, which the company said was operated by a third party. That same third-party provider claimed to be working “with over 19,000 retail locations and 8,000 kiosks to generate more than 18 million transactions for personalized products.” Retailers reported to be working with the third-party provider included Sam’s Club, Walgreens, Costco, Tesco, Rite Aid, among others. Credit card data, email and postal addresses, phone numbers, and passwords were taken, but it’s not clear how many millions were affected by the breach.
Retailers must continue the push toward cooperative partnerships between loss prevention and information technology departments, continuing education and training programs, and proactive strategies to minimize cyber threats and protect company assets. Staying current with these threats has become a professional responsibility, while being prepared has become a business necessity. Credit bureau and consumer data broker Experian disclosed that a data breach involving its computer systems exposed approximately 15 million social security numbers and other data on people who applied for financing from wireless provider T-Mobile. While Experian stressed that no payment card or banking details were continued on page 62
|
LOSSPREVENTIONMEDIA.COM
