Following reported attempts to hack into customer accounts using stolen passwords, leading pharmacy and beauty retailer Boots has suspended payments using loyalty points in shops and online.
Commenting on the issue is Chief Security Officer at Cybereason, Sam Curry: “The Boots breach is yet another reminder of how it’s become almost a reflex now for retailers to contact customers saying ‘we regret to inform you that due to a breach, your personal data may have been….’ The number of identity compromises by this point is huge and yet life continues. For the consumer, they should be working under the assumption that their personal information has been compromised many times over. As an industry, until we can start making cybercrime unprofitable for adversaries, they will continue to hold the cards that will yield potentially massive pay-outs.
“Fool me once, shame on you. Fool me twice, shame on me. Fool me 10 times, enough is enough! It’s time to really up the ante: minimise the extent of possible breaches and compromises, minimise exposure when breaches like this occur. Having customer data is a privilege, not a right. The time to beef up security is long past. Explanations for breaches of this sort in the retail industry demand a little more than a form letter and business as usual. If crime actors find a new way to compromise data, the numbers shouldn’t be in the 10s of millions and the stories of how it’s done should be getting more sophisticated. If not, it’s like hanging a sign outside saying ‘jobs wanted’ by the fraudsters and that’s not acceptable in 2020.”