Security Expert On Sweaty Betty’s eCommerce Data Breach

By ISBuzz Team
Writer, Information Security Buzz | Dec 05, 2019 06:40 am PST

Experts comment below on Sweaty Betty’s data breach, in which cyber-criminals inserted malicious code into its eCommerce website to capture customer card details during the checkout process.

Robert Prigge
InfoSec Expert
December 5, 2019 2:46 pm

“With the holiday retail season in full swing, digital commerce companies can increasingly expect to be a target for account takeover and other e-skimming threats. The Sweaty Betty hack and other recent large-scale data breaches are accelerating the threat of a wide range of online and identity fraud. Increasingly, criminals have everything they need to commit fraud thanks to the personal information stolen through this hack and other readily available data on the dark web. This highlights the pressing need for retailers – and any company with a digital presence – to adopt biometric authentication solutions to protect their legitimate users and online ecosystem by verifying that the person placing an online order is, in fact, the account owner.”

James Carder, Chief Information Security Officer & Vice President
InfoSec Expert
December 5, 2019 2:43 pm

“Many companies within the retail industry have focused on innovating customer experience and delivering seamless services for their online users, yet investment in security strategies to reduce the vulnerability to cyber attacks is unfortunately not a focal point until after the fact.

Sweaty Betty took immediate action and reported the incident quickly, yet the malicious code that the third party attacker inserted to gain sensitive personal data of customers went unsuspected for over a week. This indicates that either an insider or an attacker had access to Sweaty Betty’s environment for at least that long (and likely longer) to inject and push the code in the first place, and at the end of the day, no code – malicious or otherwise – should ever make it into production without it being validated as legitimate first.

As more and more connected applications are added to an enterprise’s IT infrastructure, such as online payment portals, the ability to manage and detect all threats becomes increasingly difficult. For every retail company, it is not only critical that they have the communication and notification tools in place, but that they also know how to properly instrument their complex IT environment to achieve a complete forensic view into anomalous and malicious activity across all vectors. An appropriately configured security monitoring solution that has full visibility into the environment likely would have identified indicators of compromise related to the malicious code and could have helped Sweaty Betty stop the threat even sooner.”
