3 Web Third-Party Related Events from the Web You Don’t Want to Miss – September 2019

September 13, 2019
Welcome to the Reflectiz team's news pick for September 2019. Our team of editors highlighted three important events that concern cybersecurity, and third-party risks in particular.
Garmin South-African Shopping Portal Breach Leads to Theft of Payment Data

Garmin’s South African Director recently announced that the company had discovered theft of customer data from orders placed through its South African shopping portal, compromising users’ personal data related to orders they placed through the SA website.

From a third-party risk perspective, this case is interesting because of the signs that the shopping portal was a victim of a Magecart group, mainly because it runs on the Magento CMS.

According to Malwarebytes security researcher Jérôme Segura, quoted by BleepingComputer: “While the cause is not mentioned, the kind of stolen data (typical checkout form fields) and the CMS (Magento) sound like a Magecart skimmer”.

Read more: BleepingComputer

 

80 e-commerce websites were compromised by almighty Magecart

According to a recent report by Arxan, which analyzed numerous website vulnerabilities, Magecart has attacked again, and this time about 80 e-commerce sites were compromised. In a series of cyber-attacks associated with the same criminal umbrella group known as “Magecart”, reports indicate that the skimmers were able to maliciously inject form-jacking JavaScript code into over 80 e-commerce websites to steal credit card payment information and customer data.

The worst part for most of these compromised websites is that they are likely to face potential sanctions which might affect their profit. In July, Britain’s privacy watchdog issued British Airways a “notice of intent” to fine it about 230 million dollars for violating the European Union’s data protection regulations. Of course, we know the fine is attributed to the recent attack from Magecart.
Read more: Bank of Security

 

British Airways again: This breach doesn’t end with a £183 million fine

The British Airways breach is still making headlines and the numbers are getting higher and higher.

According to one of the UK’s leading newspapers, The Telegraph, BA might be facing additional claims that might cost the company billions. That's right, billions. This estimate refers to 185K victims who might receive up to £16,000. “Lawyers said victims could receive as much as £16,000 each in cases where psychological injury is extreme, while average compensation payments for distress could reach £6,000.”

But there’s more: according to the paper, up to 600,000 customers were affected by the BA breach. This is an interesting number, especially as it comes from a well-established newspaper. Historically, the numbers of affected customers were lower: 380,000 at the beginning, then an estimate of half a million according to the British ICO, and now 600,000!

For security professionals, accountability is always a main concern, but this case provides a warning of how much a third-party data breach, a Magecart attack, can really cost.

Read more: The Telegraph

 
