E-commerce sales grew by nearly one-third in 2020, in large part due to the pandemic. Meanwhile, retail data breaches grew even more prevalent and costly. Retailers need to know not just the cost of a data breach, but the risks and challenges involved with one. This can help IT security professionals and business owners protect against attacks. It also helps to look at some of the more infamous data breaches of the past year. Be prepared by knowing what threats to protect against.

What Is a Retail Data Breach?

A retail data breach involves attackers stealing customer data. That can include credit card numbers, names, addresses and, in the case of e-commerce data breaches, even passwords. It can also involve attackers gaining access to company data or accounts, which increases the cost of a data breach.

There are several types of retail data breaches, including:

  • Skimming at the point of sale, where thieves steal credit card information and use it to make unauthorized purchases
  • Phishing, where threat actors use social engineering to obtain passwords or bank account numbers
  • Malware, or software that can steal or wipe data
  • Ransomware, or software that holds data hostage until the victim pays a fee.

Well-Known 2021 Data Breaches

A popular men’s clothing retailer, with both e-commerce and brick-and-mortar locations, suffered a devastating breach earlier this year, with customer data — including partial credit card information — stolen from millions of customers. The data was posted on a hacker forum after it was downloaded from the company’s backup cloud.

High-End Fashion Retailer Data Breach

Another high-end fashion retailer selling men’s, women’s and children’s clothing revealed a data breach in July. It included account numbers, debit and credit card numbers and other personal and financial information.

The retailer offered customers involved in the breach one year of free credit monitoring and identity theft protection services.

Big-Box Chain Store Data Breach

When many people think of shopping today, they think of big-box stores. These chains face the same challenges as other retailers in protecting customer data. In spring 2021, one big-box store suffered a cloud-bucket misconfiguration. This led to more than 300,000 customers having their data stolen.

The information exposed in the breach included names, phone numbers, addresses and the last four digits of credit and debit cards.

Children’s Clothing Retailer

Attackers stole personal and shipping information from more than 410,000 people in one June 2021 attack. Specifically, they struck online shoppers in a third-party data breach. Data included names, addresses, phone numbers, purchase details and more.

Grocery Store Chain

Several supermarket chains suffered data breaches in 2021. One in particular exposed cloud-based databases bearing customer information to the general public. Data may have included personal information, email addresses and passwords to loyalty club accounts. The company said the passwords were hashed and not visible in the data breach.

Auto Manufacturer and Dealer

Retail data breaches aren’t limited to places people may shop on a weekly basis. An auto manufacturer experienced a data breach in 2021 that affected 3.3 million car buyers and shoppers across the U.S. and Canada.

The breach affected the automaker’s website as well as some of its dealers, exposing consumer information that had been collected for sales and marketing between 2014 and 2019. Data exposed included driver’s license numbers for more than 90,000 people, which could open those customers to identity theft. A smaller number of customers had their social security or tax ID numbers stolen, along with their dates of birth.

However, 97% of those involved in the breach had only their contact information and vehicle data — including the Vehicle Identification Number, in some cases — taken.

How Much Does a Retail Data Breach Cost?

The good news is that, in spite of their prevalence, retail data breaches are not anywhere close to the most costly. The average cost of a data breach in retail in 2021 is $3.27 million. Retail ranks 15th on the list of most costly data breaches. However, the cost jumped steeply from 2020, when each breach cost an average of only $2.01 million, according to the 2021 Cost of a Data Breach Report. That represents a 62.7% increase, which was the fourth-highest increase, percentage-wise, out of the 17 industries analyzed in the report.

It’s important to remember that the costs of a data breach include not just money that may be stolen from the company or its customers, but also the costs of:

  • Compensating customers with credit monitoring and identity monitoring services or cash
  • Litigation if a class-action suit occurs
  • Fixing the breach and preventing future breaches.

Plus, there’s the high — and often unmeasurable — cost of lost consumer confidence that can damage your company’s reputation and result in lost sales.

The Cost of a Data Breach Report indicated that lost business held the lion’s share of data breach costs, representing 38% of the total costs of a data breach across industries. In a field like retail, that number may be higher than the average since a company’s reputation — and therefore, sales — relies heavily on keeping customer data safe.

What Are the Risks and Challenges of Data Security in the Retail Industry?

The massive spike in e-commerce sales in the past year created additional challenges for shopping websites to keep customer data safe. In addition, the retail industry faces many challenges in preventing data breaches.

First, stores must be vigilant about security across all fronts, from protecting data at the point of sale to protecting the servers where customer data is stored.

Store owners can mitigate risk by ensuring they use the latest in point of sale technology, including accepting EMV chip cards and mobile wallet payments. Companies should also deploy the latest tools online, including artificial intelligence and the zero trust model of IT security, to protect information at every level — from corporate headquarters to storefronts and, especially, on their e-commerce sites. That way, you can worry less about the cost of a data breach.
