, that investigated the breach, reported that the methods used in the data breach included the card skimming codes resembling those used in the data breach at the Ticketmaster in June and the more recent British Airways data breach in September this year. They used the same domain name to bring confusion to unsuspecting customers and carry out their attack without arousing suspicions. They also used an SSL certificate, which is secure, to avoid making the customers suspicious. The data breach affected most desktop users. There is also a theory that mobile phone users were affected but this has not been proven yet. According to Yonathan Klijnsma, a RiskIQ researcher, the attack by the group shows the extent of their abilities and that any online payment processing company is a target for the hackers. He also added that there are no specific targets and target locations. Newegg did not respond to the comments by Gizmodo. However, Techcrunch reported that the CEO of the company, Danny Lee, sent an email to all customers of the company informing them of the attack and that they have not yet fully determined all affected accounts.
How to Prevent Future Attacks
When data breaches occur it deals a very big blow to e-commerce businesses. The clients lose confidence in the company and the company may face many lawsuits. This brings about losses to the company. Some small companies are most affected by data breaches and may not survive the attacks. For example, “DistributeID” closed down after data breaches hit the company. This brings the major problem of cybersecurity to the forefront. The good news, however, is that there are various ways to deal with the data breach challenges:
Using a Secure Payment Gateway
Payment gateways have been in use for a long time by online retailers for securing their customers’ data. They act as the broker between the customers, merchants and the banks. Secure payment gateways should have four features; integrity, authentication, non-repudiation, and confidentiality. Authentication ensures that the gateway should verify the parties information before proceeding, integrity ensures that the data remains unmodified while the parties are interacting, confidentiality ensures that data is not disclosed to any unauthorized party during the communication. This includes non-disclosure of customer’s credit card info. Security is also essential in the gateway and customers should be assured of it.
Avoid Storing Credit Card Information
Tom Harnish, a senior scientist whose websites have been hacked in the past in order to steal credit information, advises e-commerce sites to avoid storing credit card info on their sites. He states that the security of the websites is not 100% safe and are prone to attacks at some time. He gives the example of big companies like Sony whose websites has been hacked. He instead advises the sites to use trusted third-party soft wares that deal with payment processing for storing their customers’ credit card info.
Limiting Employees’ Access to Sensitive Data
Before allowing your employees to access sensitive data that can be easily compromised, you should educate them on ways of securing the data. If possible, you should employ multi-party authorization where more than one employee has to authorize a function before it can be carried out.
Perform Regular Server Checks
The servers are the most important as far as your customers’ information is concerned. You should always make efforts to ensure that the servers are secure and protected. You should ensure that you perform regular data scans on the servers to check for threats, malware, and vulnerabilities of the servers. Employees of your company who can access the servers should be thoroughly vetted. Also, installing security measures such as CCTVs and security guards is the first step in ensuring the servers are secure. Data breaches cost companies billions each year, as the retailers violate clients trust in addition to financial loss to correct the situation. Online retailers should, do their best to ensure the safety of their customers’ information.