Another day, another data breach. The latest attack involves the theft of credit card information from Hudson’s Bay Company (HBC), whose North American stores include Saks Off 5th, Saks Fifth Avenue and Lord & Taylor. The haul is believed to include account information related to over five million credit or debit cards, with tens of thousands of them already showing up for sale on the dark web. HBC said that the issue has been identified and that steps are underway to contain the damage, noting that customers are not liable for any fraudulent charges made with their cards.
Here are some action items to help your business protect its customers’ credit card data:
If you accept credit cards, be sure that you are compliant with the Payment Card Industry (PCI) Data Security Standard (DSS). While PCI DSS compliance does not make your business immune to compromise, it is an excellent way to greatly reduce the chances of a successful attack.
Train every employee to remain vigilant when receiving emails that ask for sensitive information or request that they open an attachment. These emails may be spear-phishing attacks intended to harvest credentials or deploy malware, giving criminals a way into your network. A significant number of compromises begin with an employee being socially engineered into turning over sensitive information to an attacker.
Have a breach response plan in place to streamline the recovery process in the event your business is compromised. Be sure to test the plan with the key members of your company (Finance, IT, CEO, etc.) at least once a year.
For more information on how to keep your data safe, contact Citrin Cooperman’s Cybersecurity professionals at 401.421.4800 or firstname.lastname@example.org.