Welcome to the Reflectiz team news pick for September 2019. Our team of editors highlighted three important events that concern cybersecurity, and third-party risks in particular.
Garmin South-African Shopping Portal Breach Leads to Theft of Payment Data
Garmin’s South African Director recently announced that the company had discovered theft of customer data from orders placed through its South-African shopping portal, compromising users’ personal data related to orders they placed on the SA website.
From a third-party risk perspective, this case is interesting because there are signs that the shopping portal was a victim of a Magecart group, mainly because it runs on the Magento CMS.
According to Malwarebytes security researcher Jérôme Segura, quoted by BleepingComputer: “While the cause is not mentioned, the kind of stolen data (typical checkout form fields) and the CMS (Magento) sound like a Magecart skimmer”.
Read more: BleepingComputer
80 e-commerce websites were compromised by almighty Magecart
According to a recent report by Arxan, who analyzed numerous website vulnerabilities, Magecart has attacked again, and this time about 80 e-commerce sites were compromised. In a series of cyber-attacks associated with the same criminal umbrella group known as “Magecart”, reports indicate that the skimmers were able to maliciously inject form-jacking JavaScript code into over 80 e-commerce websites to steal credit card payment information and customer data.
The worst part for most of these compromised websites is that they are likely to face potential sanctions, which might affect their profit. Britain’s privacy watchdog issued a “notice of intent” to British Airways in July for a fine of about 230 million dollars for violating the European Union’s data protection regulations. Of course, we know the fine is attributed to the recent attack from Magecart.
Read more: Bank of Security
British Airways again: This breach doesn’t end with a £183 million fine
The British Airways breach is still making headlines and the numbers are getting higher and higher.
According to one of the UK’s leading newspapers, The Telegraph, BA might be facing additional claims that might cost the company billions. Yes, billions. This estimate refers to 185K victims, who might receive up to £16,000 each. “Lawyers said victims could receive as much as £16,000 each in cases where psychological injury is extreme, while average compensation payments for distress could reach £6,000.”
But there’s more: according to the paper, up to 600,000 customers were affected by the BA breach. This is an interesting number, especially as it comes from a well-established newspaper. Historically, the numbers of affected customers were lower: 380,000 at the beginning, then an estimate of half a million according to the British ICO, and now – 600,000!
For security professionals, accountability is always a main concern, but this case provides a warning of how much a third-party data breach, a Magecart attack, can really cost.
Read more: The Telegraph