Charity shop chain America’s Thrift Stores has become the latest hacking victim after crooks planted malware at a third-party service provider and stole payment card numbers. In a statement, the for-profit outfit which supports Christian ministries confirmed the attack, which appears to have come from crooks in Eastern Europe. Customers who bought items at any of America’s Thrift’s 18 stores in America’s south during September may have had their card numbers and expiration dates stolen, according to the US Secret Service.
Mark Bower, global director of enterprise data security at HP Data Security provided @DFMag with the following expert comment;
“This is yet another hack that underscores the need for companies to protect all of the sensitive information they hold on their customers. Beyond the threat to customers’ sensitive data, companies need to be concerned with the impact such an event can have on their reputation and, ultimately, on their bottom line. Particularly with the transition to EMV, a data-centric approach to security is the key cornerstone needed to allow companies to mitigate the risk and impact of these types of attacks.
Proven methods are available to neutralise this data from breaches. Leading retailers have adopted data-centric security techniques with huge positive benefits: reduced exposure of live data from the reach of advanced malware during an attack, and reduced impact of increasingly aggressive PCI DSS 3.1 compliance enforcement laws, laws aimed at making data security a ‘business as usual’ matter for any organisation handling card payment data.
With the available technologies today to protect sensitive data very easily and quickly, it’s a simple matter to cover all your bases to protect consumer trust and satisfaction.”
(452)
