Back-to-back data breach announcements from Under Armour and Hudson’s Bay Co.-owned banners Saks Fifth Ave. and Lord & Taylor may be yielding a new trend across retail — except its not a fad that is likely to find favor among consumers.
With Under Armour’s data security issue affecting around 150 million members of its MyFitnessPal community and the HBC hack reportedly impacting about five million Saks Fifth Ave., Saks Off 5th and Lord & Taylor shoppers in North America last week, suffice it to say scores of fearful consumers are likely scrambling to determine an appropriate course of action.
“Unfortunately, companies do not do enough to protect our personal information. It is frustrating that we trust businesses with our information but keep paying the price when they get breached,” said Zohar Steinberg, founder and CEO of mobile app Token, which helps its users to shop more securely by disguising their payment details and creating a pseudo identity. “Data breaches are becoming too frequent and consumers are losing faith in the system.”
In fact, the number of U.S. data breach incidents tracked in 2017 hit a record high of 1,579 breaches, according to the 2017 Data Breach Year-End Review by the Identity Theft Resource Center and CyberScout. The report indicated a drastic upturn of 44.7 percent increase over the record high figures reported for 2016.
Although they differed in terms of the type of data impacted — the affected information in UA’s hack included usernames, email addresses and hashed passwords while HBC’s breach reportedly involved debit and credit card information — the situations at both companies bring attention to the rise of fraud in the digital age.
Meanwhile, for retailer’s using centralized databases to store customers’ information, the problems can be particularly plentiful.
“When data that’s used for customer account login or for payments is centralized on a retailer’s server, it’s especially vulnerable,” noted George Avetisov, CEO of HYPR, a provider of decentralized authentication services for businesses. “Companies such as Mastercard are decentralizing customer data, keeping sensitive information close to the customer on their users’ devices to avoid the large attack surface and single point of failure that centralized systems have.”
And, there are also useful ways for individual consumers to fight fraud and protect themselves.
“It’s time for us, consumers, to take matters into our own hands and use payment security services that secure our information, even before we give it away online or over the phone, because the best way to protect our information, is to not share it in the first place,” noted Steinberg whose company offers such a service.
But, how should consumers react after a breach has already happened and their information is in the wrong hands?
“In the case of a compromised payment card, customers should contact their financial institutions to get new cards issued to prevent unauthorized use of compromised information,” Alex Heid, white hat hacker and Chief Research Officer at SecurityScorecard, said. “In the case of a compromised email:password combination, customers should make sure to change their passwords on that service and any other service that shares the same password.”
Avetisov also suggests that consumers do the rounds on social media, personal email and other accounts since “data in the wrong hands can be used for many kinds of unauthorized access.”