Online retailers see surge in Cyberattacks amidst COVID-19 Crisis
The COVID-19 pandemic has relegated many of us to our homes, leaving businesses with few opportunities to reach their customers and make sales. Online shopping has become a vital lifeline for thousands of businesses while brick and mortar locations are closed and millions of people shelter in place. In fact, many retailers are experiencing online traffic that is exceeding Cyber Monday activity, typically a high watermark for online shopping.
Unfortunately, bad actors are capitalizing on this moment by targeting e-commerce platforms for attack using tricks like account takeovers, bot-powered scraping attacks, and payment card skimming malware. For example, 80% of login incidences at home goods retailers are attributed to account takeover attempts.
While a litany of COVID-19-related cyber risks has become increasingly apparent, it’s clear that online retailers need to be especially critical of their defensive posture to ensure that they can continue meeting surging demand in an uncertain retail atmosphere in order to retain customer goodwill and capture enough revenue to stay afloat in a challenging time for retail.
United Kingdom – Aerial Direct – Independent telecommunications provider
Exploit: Unauthorized database access
Risk to Small Business: Extreme: Hackers gained access to an external backup database on February 26th that included the personal information of current and former customers. The breach contains copious amounts of customer information dating back six years. Although the company was quick to secure the database, the incident could impact its customer relationships, including its relationship with the O2. At the same time, the company will likely face regulatory scrutiny under Europe’s GDPR guidelines, which could have further challenged the company’s recovery efforts.
Risk to Exploited Individuals: Extreme: The breach compromised customers’ personally identifiable information, including their names, dates of birth, business addresses, email addresses, phone numbers, and purchasing information. This information can quickly make its way across the internet, and bad actors often use it to execute new cybercrimes. Those impacted by the breach should carefully evaluate their accounts for suspicious activity while staying vigilant to assess the validity of incoming messages.
Customers Impacted: Unknown
United States – Canon Business Process – Business outsourcing provider
Exploit: Phishing scam
Risk to Small Business: Severe: After an employee fell for a phishing scam, hackers gained access to the personal data from the company’s business contracts, including General Electric. The breach occurred between February 3 and February 14, 2020, but Canon Business Process didn’t learn of the breach until February 28. Now, in addition to providing credit monitoring services for victims, Canon Business Process has damaged its reputation with a major client.
Risk to Exploited Individuals: Severe: Canon Business Process provides outsourcing services for human resources and payroll responsibilities, so the compromised data includes direct deposit forms, tax forms, Social Security numbers, birth certificates, passports, benefit applications, and driver’s licenses. This information is often used to execute financial fraud, and those impacted by the breach should immediately notify their financial institutions of the breach. In addition, they should enroll in the complimentary credit monitoring services provided by Canon Business Process.
Customers Impacted: Unknown
Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.
Protect your data, privacy and reputation, talk to a TCT sales team member today.
Follow us on LinkedIn: