In January 2014, the retail company disclosed they had suffered a breach where hackers accessed the debit and credit card information of customers who shopped between 16th July to 30th October 2013. The breach occurred when malicious software was installed onto point of sales system that collected payment card data from customers who made purchases during those dates.
Originally, the company estimated that as many as 1.1 million cardholders could have been affected but further investigation found that it affected a maximum of 350,000 customers. About 9,200 of those stolen credit cards were used fraudulently. Only in-store customers were affected, not online transactions.
As a result of the breach, the company said it conducted a vulnerability assessment of its payment card systems, reviewed its intrusion detection systems and firewalls, further hardened its systems, added new security tools and modified its software and security credentials.
Want to discuss this case? We're offering a FREE 20 minute phone consultation to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We offer a range of cost-effective, fixed-price training programmes and consultant services derived from the unique insights gained from all our case study data.
If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.
We've done the analysis so you can make the decisions