Back-to-back data breach announcements from Under Armour and Hudson’s Bay Co.-owned banners Saks Fifth Ave. and Lord & Taylor may be prompting a new trend across retail — except it’s not a fad that’s likely to find favor among consumers.
With Under Armour’s data security issue affecting around 150 million members of its MyFitnessPal community and the HBC hack reportedly impacting about 5 million Saks Fifth Ave., Saks Off 5th and Lord & Taylor shoppers in North America last week, scores of fearful consumers are scrambling to determine an appropriate course of action.
“Unfortunately, companies do not do enough to protect our personal information. It is frustrating that we trust businesses with our information but keep paying the price when they get breached,” said Zohar Steinberg, founder and CEO of mobile app Token, which helps its users to shop more securely by disguising their payment details and creating a pseudo-identity. “Data breaches are becoming too frequent, and consumers are losing faith in the system.”
In fact, the number of U.S. data breach incidents tracked in 2017 hit a record high of 1,579, according to the 2017 Data Breach Year-End Review by the Identity Theft Resource Center and CyberScout. The report indicated a drastic 44.7 percent increase over the record-high figures reported for 2016.
Although the incursions differed in terms of the type of data impacted — UA’s hack included usernames, email addresses and hashed passwords, while HBC’s reportedly involved debit and credit card information — the breaches at both companies bring attention to the rise of fraud in the digital age.
For retailers using centralized databases to store customer information, the problems can be particularly plentiful.
“When data that’s used for customer account login or for payments is centralized on a retailer’s server, it’s especially vulnerable,” noted George Avetisov, CEO of HYPR, a provider of decentralized authentication services for businesses. “Companies such as Mastercard are decentralizing customer data, keeping sensitive information close to the customer on their users’ devices to avoid the large attack surface and single point of failure that centralized systems have.”
And there are also ways for individual consumers to fight fraud and protect themselves.
“It’s time for us, consumers, to take matters into our own hands and use payment security services that secure our information, even before we give it away online or over the phone, because the best way to protect our information is to not share it in the first place,” noted Steinberg, whose company offers such a service.
But how should consumers react after a breach has happened and their information is in the wrong hands?
“In the case of a compromised payment card, customers should contact their financial institutions to get new cards issued to prevent unauthorized use of compromised information,” said Alex Heid, a white-hat (i.e., ethical) hacker and chief research officer at SecurityScorecard. “In the case of a compromised email-password combination, customers should make sure to change their passwords on that service and any other service that shares the same password.”
Avetisov also suggests that consumers do the rounds on social media, personal email and other accounts since “data in the wrong hands can be used for many kinds of unauthorized access.”
Under Armour said last week that when it learned of the data breach, which occurred in February, it “quickly took steps to determine the nature and scope of the issue” before alerting the lifestyle network’s members four days later with guidance on how to protect their information. Its users will be required to change their passwords.
HBC said an investigation is underway to determine the extent of its situation and will make customer service representatives available to shoppers who desire more information. The company also plans to offer impacted consumers free identity protection services, including credit and web monitoring.