Newegg is one of the United States largest online retailers of electronics which has been exploited by the group responsible for the Ticketmaster and British Airlines breaches.
Risk to Small Business is severe: A breach including sensitive payment information such as this could dismantle customer trust, especially in a company that is first and foremost an online retailer.
Individual Risk is a moderate risk: Those affected by this breach should contact their credit card companies IMMEDIATELY. Magecart is no joke, as demonstrated by their wide range of attacks across various industry and the scope of their abilities.
Customers Impacted: Unclear, but the site has 45 million monthly unique visitors and was breached for over a month.
How it Could Affect Your Business: Magecart is back, and they mean business. The group that is responsible for the Ticketmaster and British Airlines breach has now targeted Newegg. This shows that the group isn’t limited to one industry or country. Magecart is a global operation that can target any organization that processes payments online.
Magecart is Ruffling Through Your Cart.
With the Magecart group taking on companies such as British Airlines, Ticketmaster and now Newegg, it’s a good time to talk about online retail security. Researchers at SecurityScorecard analyzed 1,444 domains within the sector for 5 months to collect data on how secure the industry is. What they found… was not pretty.
The retail industry was the second lowest scoring, with entertainment being the only major industry more vulnerable. The retail sector was last in its ability to protect against social engineering attacks, which is concerning because the retail industry is the third most targeted industry behind banking and finance.
Many credit card associations have called for changes to be made within the sector, but many organizations are not fully compliant or not at all. In fact, 91% would fall under noncompliance. The combination of the popularity of online retailing with the fact that there is a very serious hacker group targeting websites that process payments, means the retail sector needs to look into buckling down because these threats aren’t going to go away.