Brian Krebs of KrebsOnSecurity has once again beaten the pack in exposing several more retail breaches. On March 4 he posted information about the closure of the Smuckers’ online store. According to a short article on the company website, the jam and jelly maker was retooling its site because customer credit card data had been hacked. It appears that once again the infiltrators scooped up the information during the online checkout process, before it was encrypted by the store’s database.
Krebs said in his March 4 blog post that he recalled seeing Smuckers’ name among a list of targets picked last year by a criminal hacking group that plundered sites running outdated, vulnerable versions of ColdFusion, a Web application platform made by Adobe Systems Inc.
Another company was SecurePay. At first the company denied any breach, but after Krebs sent a list of transaction records stolen from SecurePay’s payment gateway, the company confirmed the breach. A representative blamed the misunderstanding on a revamping of its program during that period and on interrupted lines of communication.
On March 5 Krebs blogged about “the latest target”, Sally Beauty, a retail chain that sells beauty supplies to salons, stylists and the public. A number of banks first detected the breach using a test known as “common point of purchase” or CPP. It is similar to talking to a number of people who went to a picnic and got sick, then tracing the illness back to a common food source.
On March 2, a fresh batch of 282,000 stolen credit and debit cards went on sale in a popular underground crime store. Three different banks contacted by KrebsOnSecurity made targeted purchases from this store, buying back cards they had previously issued to customers.
When Krebs asked about the banks’ findings, Sally Beauty spokeswoman Karen Fugate said the company recently detected an intrusion into its network, but that neither the company’s information technology experts nor an outside forensics firm could find evidence that customer card data had been stolen from the company’s systems. However, it is still investigating.
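The common point of purchase test mentioned above can be sketched in a few lines. This is an added example, not code from Krebs or from any bank; the card ids, merchant names and the coverage/lift scoring are constructed assumptions used to show why a merchant visited by nearly everyone is not automatically the common source.

```python
from collections import defaultdict

def common_point_of_purchase(transactions, compromised, min_coverage=0.8):
    """Rank merchants by how much more often stolen cards were used there.

    transactions: (card_id, merchant) pairs from the issuer's own history.
    compromised:  card_ids the issuer knows were stolen.
    Returns (merchant, coverage, baseline, lift) tuples, highest lift first.
    """
    cards_at = defaultdict(set)
    for card, merchant in transactions:
        cards_at[merchant].add(card)
    all_cards = set().union(*cards_at.values()) if cards_at else set()
    stolen = set(compromised) & all_cards
    clean = all_cards - stolen
    if not stolen:
        return []
    # Floor for the baseline so a merchant no clean card visited still gets a finite lift.
    floor = 1 / (len(clean) + 1)
    ranked = []
    for merchant, cards in cards_at.items():
        coverage = len(cards & stolen) / len(stolen)   # share of stolen cards seen here
        if coverage < min_coverage:
            continue                                   # too few stolen cards in common
        baseline = len(cards & clean) / len(clean) if clean else 0.0
        ranked.append((merchant, coverage, baseline, coverage / max(baseline, floor)))
    return sorted(ranked, key=lambda r: r[3], reverse=True)

# Constructed sample: ten cards, five of them known stolen.
STOLEN = {"c1", "c2", "c3", "c4", "c5"}
TRANSACTIONS = (
    [(f"c{i}", "GROCER") for i in range(1, 11)]                       # everyone shops here
    + [(c, "MERCHANT_X") for c in ("c1", "c2", "c3", "c4", "c6")]    # mostly stolen cards
    + [(c, "CAFE") for c in ("c1", "c2", "c7")]                       # weak overlap
)

if __name__ == "__main__":
    for merchant, cov, base, lift in common_point_of_purchase(TRANSACTIONS, STOLEN):
        print(f"{merchant:12} coverage={cov:.2f} baseline={base:.2f} lift={lift:.1f}")
```

GROCER covers every stolen card but also every clean one, so it ranks below MERCHANT_X, which four of the five stolen cards share and only one clean card does.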
According to insiders on March 3, Sears is still investigating a potential hacking breach. The company’s security review is still at an early stage as Verizon's digital forensics unit and the U.S. Secret Service sift through the company's computer data to look for traces of hackers and the extent of any incursion.
"There have been rumors and reports throughout the retail industry of security incidents at various retailers, and we are actively reviewing our systems to determine if we have been a victim of a breach," Howard Riefs, a Sears spokesman, said in an emailed note. "We have found no information based on our review of our systems to date indicating a breach."
It is true that it takes time to confirm a breach, and that companies need to do a comprehensive review of databases to determine the type of breach and what data was compromised, and to put together a response plan.
According to Jay Foley, an identity theft expert, “If companies would collaborate on an internal reporting network to help track suspicious activity alerts, it might be a first step in stopping massive breaches from going on so long.”