Threat Trends

6 mins

Top 15 attacks on retail sector: Lessons learned

What makes the retail sector a low-hanging fruit for cybercriminals?

We at Hadrian have been working with retail businesses of all sizes. A cyber incident at one of their peers would act as a reminder for us to be alert, as well as a learning opportunity on what went wrong and how we can rectify the situation.

As part of our endeavor, we constantly analyze cyber attacks on retail firms across the world. While attacks remain unpredictable, we realized that there are a few patterns that might help us get our security posture right. Take a look at the top 15 cyber incidents that have shaken the retail industry, listed chronologically here.

1. Target (2013)

Target Corporation is a large retail chain offering a variety of products including household essentials, apparel, and electronics, headquartered in Minneapolis, Minnesota, USA. Target’s breach was one of the first to signal the scale of damage cyber attacks could inflict. Hackers compromised 40 million debit/credit card accounts and 70 million customer records.

2. eBay (2014)

eBay Inc. is an online marketplace that connects buyers and sellers globally, headquartered in San Jose, California, USA. A massive breach at eBay exposed the personal information of 145 million users, highlighting the vulnerability of user data stored online.

3. Home Depot (2014)

The Home Depot is the largest home improvement retailer in the United States, headquartered in Atlanta, Georgia, USA. In a significant attack, Home Depot saw 56 million card details and 53 million emails compromised, underscoring the need for robust cybersecurity measures.

4. Costco (2015)

Costco Wholesale Corporation operates an international chain of membership warehouses, known for its low prices on bulk purchases, headquartered in Issaquah, Washington, USA. Costco’s data breach involved the data of 58,000 customers, including payment information, due to card skimming attacks.

5. Saks Fifth Avenue / Lord & Taylor (2018)

Saks Fifth Avenue is an American luxury department store chain, while Lord & Taylor is a historic department store known for designer clothing and accessories, both headquartered in New York City, New York, USA. Nearly 5 million customer payment card details were stolen, marking a substantial theft in the luxury retail segment.

6. Under Armor (2018)

Under Armour, Inc. is a manufacturer of sports and casual apparel and footwear, headquartered in Baltimore, Maryland, USA. Breach at its MyFitnessPal app breach affected 150 million user accounts, revealing the risks associated with mobile and online services.

7. Forever 21 (2018)

Forever 21 is a fast-fashion retailer offering the latest trends in clothing and accessories, headquartered in Los Angeles, California, USA. Malware deployed to gather credit card data from POS systems resulted in a significant breach at Forever 21.

8. NutriBullet (2020)

NutriBullet is a brand of personal, single-serve blenders and health-conscious products, with a significant online presence. It is owned by De'Longhi S.p.A. an Italian small appliance manufacturer based in Treviso, Italy. Hackers placed card skimming codes on NutriBullet’s website, stealing sensitive financial information from customers.

9. Bonobos (2021)

Bonobos is an e-commerce-driven apparel company specializing in men’s clothing, headquartered in New York City, New York, USA. A 70-gigabyte SQL backup file containing 7 million shipping addresses was stolen, showcasing the risks of third-party cloud providers.

10. Neiman Marcus Group (2021)

Neiman Marcus Group is a luxury department store operator offering high-end clothing and accessories, headquartered in Dallas, Texas, USA. A breach compromised the personal information of 4.6 million customers, one of the largest affecting the luxury retail sector.

11. Ikea (2021)

Ikea is a multinational group known for its ready-to-assemble furniture and home accessories, with its global headquarters in Leiden, Netherlands. It uses a service platform called TaskRabbit to connect users to a network of independent ‘Taskers’ to handle everything from IKEA furniture assembly to odd jobs or errands. TaskRabbit operations were disrupted due to a cyberattack, affecting the furniture giant’s subsidiary service.

12. CVS Health (2021)

CVS Health is a healthcare company that owns CVS Pharmacy, a retail pharmacy chain, headquartered in Woonsocket, Rhode Island, USA. A misconfigured database containing 1.1 billion records was found publicly available, raising concerns over data security practices.

13. MediaMarkt (2021)

MediaMarkt is a German multinational chain of stores selling consumer electronics with numerous locations across Europe. Hive ransomware group encrypted MediaMarkt’s servers, demanding a ransom of $240 million.

14. Sobeys (2022)

Sotheby's is a British-founded multinational corporation with headquarters in New York City. A supply-chain campaign infecting Sotheby’s real-estate websites with data-stealing skimmers was recently observed being distributed via a Brightcove cloud-video platform instance.

15. Indigo (2023)

Indigo Books & Music Inc. is Canada’s largest book, gift, and specialty toy retailer, headquartered in Toronto, Ontario, Canada. A ransomware attack disrupted operations and impacted payment systems.

Retail cybersecurity: Common characteristics

The nature of attacks, the locations of victims, and the kind of data/information affected are different. However, a closer look at all these victims reveals certain common threads intensify the threat of cyber attacks.

First and foremost, the sheer volume of sensitive customer data that retailers collect and store makes them attractive targets for cybercriminals. From credit card information and personal identification details to purchase histories and contact information, retailers amass a treasure trove of valuable data that can fetch a hefty price on the dark web.

Moreover, the nature of retail operations often involves numerous touchpoints where customer data is transmitted and stored, increasing the potential attack surface for cyber threats. Whether it's through online transactions, point-of-sale systems, mobile apps, or customer loyalty programs, retailers handle sensitive data at various stages of the customer journey, creating multiple opportunities for cyber attackers to exploit vulnerabilities.

Additionally, the high volume of transactions and the fast-paced nature of retail operations can sometimes take precedence over security protocols, leaving gaps in defenses that cybercriminals can exploit. With the pressure to deliver seamless shopping experiences and meet consumer demands for convenience, retailers may overlook critical security measures or fail to keep pace with evolving cyber threats.

Furthermore, the interconnected nature of retail ecosystems, involving suppliers, vendors, third-party service providers, and online marketplaces, introduces additional risks. Weaknesses in the security posture of any party within this ecosystem can potentially compromise the entire supply chain, leading to data breaches and cyber attacks that ripple across multiple organizations.

Threat intelligence and preparedness

Ultimately, the convergence of valuable data, complex IT infrastructures, customer-facing technologies, and interconnected supply chains makes the retail sector an attractive target for cybercriminals. 

Understanding these patterns and spotting them in your retail business improves the effectiveness of your cybersecurity measures, investment in robust defenses, implementation of security protocols, and continuous monitoring and adaptation to emerging threats in order to safeguard sensitive customer data and protect their brand reputation.

Hadrian has compiled our insights on retail cybersecurity in our eBook

Book a demo

Get started scanning in 5 minutes

We only need your domain for our system to get started autonomously scanning your attack surface.

Book a demo