informa
/
/
Announcements
Event
Cyber Threats, Cyber Vulnerabilities: Assessing Your Attack Surface | Dark Reading Virtual Event | <REGISTER NOW>
PreviousNext
Attacks/Breaches
Slideshow

The Year Of The Retailer Data Breach

This year's wave of attacks was more dramatic in its widespread scope and seemingly constant battering of more than a dozen big box chains.
Dark Reading Staff
Dark Reading
November 18, 2014
Target's information security operation should have been the envy of any retailer, with its million-dollar state-of-the-art s
Neiman Marcus in January went public with a data breach of some 1.1 million payment cards. The company later dialed back tha
Michaels also rang in the New Year with some bad news: Some 2.6 million customer payment cards were exposed in a data breach
Sally Beauty Supply in early March confirmed that it had suffered a data breach after a report published by KrebsOnSecurity.
In June, restaurant chain P.F. Chang's became the latest known victim of a payment card hack that targeted its point-of-sale
Some 330 Goodwill stores across 20 states were hit by a data breach via malware that exposed some 868,000 payment cards durin
The SuperValu grocery and food store chain announced two data breaches, first in August and then again in late September. The
The United Parcel Service confirmed in late August that 51 of its 4,470 The UPS Store franchise stores had been hacked in a p
Target's data breach may have been the kickoff for the Year of the Retail Breach, but Home Depot's cyber attack turned out to
Jimmy John's, the gourmet sandwich-maker with freakishly fast delivery standards, was a little late discovering that the poin
Dairy Queen went public in early October that it, too, had been burnt by a PoS malware attack via a third-party vendor's pilf
A small number of Staples stores in Pennsylvania, New York City, and New Jersey reportedly were affected by a payment card br
Last month it was big-box mainstay Kmart that revealed a data breach. Kmart said its IT team on October 9 discovered that its
1/13

Cybercriminals found their sweet spot this past year with the retail industry, where some of the biggest big-box brand names and franchises were infiltrated by malware that helped the bad guys steal millions of credit and debit-card account numbers of shoppers. 

Data breaches are nothing new for the retail industry -- think TJX in 2005, Dave & Buster's in 2007, to name a few -- but this year's wave of attacks was different and more dramatic in its widespread scope and seemingly constant battering of big box retailers, with more than a dozen of them disclosing data breaches, including Target, Home Depot, Michael's, Dairy Queen, and most recently, Kmart. 

Target became the poster child for how not to conduct an incident response operation, with more than 40 million payment cards pilfered from its computers after ignoring security alarms from the attack and then experiencing a public disclosure disaster that ultimately resulted in the departure of its CIO and CEO.

[The next Dark Reading Radio episode on Nov. 19 at 1:00 p.m. ET (10:00 a.m. PT) features retail security experts from Mandiant and the retail industry. Read Retail Hacking: What To Expect This Holiday Season.]

So just in time for the 2014 holiday shopping season, here's a look at 13 major retailers who revealed this past year that they had suffered data breaches. Don't be suprised if a few more come forward before we ring in 2015. 

 
Next slide
Recommended Reading:
Editors' Choice
10 Recent Examples of How Insider Threats Can Cause Big Breaches and Damage
Ericka Chickowski, Contributing Writer
Windows 11 Available: What Security Pros Should Know
Kelly Sheridan, Senior Editor
Top 5 Skills Modern SOC Teams Need to Succeed
Jack Naglieri, CEO and Founder, Panther Labs
The New Security Basics: 10 Most Common Defensive Actions
Robert Lemos, Contributing Writer