Security Expert On Sweaty Betty’s eCommerce Data Breach

Experts commented below on Sweaty Betty’s data breach caused by cyber-criminals inserting malicious code into its eCommerce website to capture customer card details during the checkout process.

Experts Comments

December 05, 2019
Robert Prigge
CEO
Jumio
"With the holiday retail season in full swing, digital commerce companies can increasingly expect to be a target for account takeover and other e-skimming threats. The Sweaty Betty hack and other recent large-scale data breaches are accelerating the threat of a wide range of online and identity fraud. Increasingly, criminals have everything they need to commit fraud thanks to the personal information stolen through this hack and other readily available data on the dark web. This highlights the.....Read More
"With the holiday retail season in full swing, digital commerce companies can increasingly expect to be a target for account takeover and other e-skimming threats. The Sweaty Betty hack and other recent large-scale data breaches are accelerating the threat of a wide range of online and identity fraud. Increasingly, criminals have everything they need to commit fraud thanks to the personal information stolen through this hack and other readily available data on the dark web. This highlights the pressing need for retailers – and any company with a digital presence – to adopt biometric authentication solutions to protect their legitimate users and online ecosystem by verifying that the person placing an online order is, in fact, the account owner."  Read Less
December 05, 2019
James Carder
Chief Information Security Officer & Vice President
LogRhythm Labs
“Many companies within the retail industry have focused on innovating customer experience and delivering seamless services for their online users, yet investment in security strategies to reduce the vulnerability of cyber attacks are unfortunately not a focal point until after the fact. Sweaty Betty took immediate action and reported the incident quickly, yet the malicious code that the third party attacker inserted to gain sensitive personal data of customers went unsuspected for over a.....Read More
“Many companies within the retail industry have focused on innovating customer experience and delivering seamless services for their online users, yet investment in security strategies to reduce the vulnerability of cyber attacks are unfortunately not a focal point until after the fact. Sweaty Betty took immediate action and reported the incident quickly, yet the malicious code that the third party attacker inserted to gain sensitive personal data of customers went unsuspected for over a week. This indicates that either an insider or an attacker had access to Sweaty Betty’s environment for at least that long (and likely longer) to inject and push the code in the first place, and at the end of the day, no code – malicious or otherwise – should ever make it into production without it being validated as legitimate first. As more and more connected applications are added to an enterprises’ IT infrastructure, such as online payment portals, the ability to manage and detect all threats becomes increasingly difficult. For every retail company, it is not only critical that they have the communication and notification tools in place, but that they also know how to properly instrument their complex IT environment to achieve a complete forensic view into anomalous and malicious activity across all vectors. An appropriately configured security monitoring solution that has full visibility into the environment likely would have identified indicators of compromise related the malicious code and could have helped Sweaty Betty stop the threat even sooner.”  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.