Hanna Andersson Suffers a Data Breach

Hanna Andersson, a children’s clothing company with stores across the country, has told customers that their card payment data may have been compromised in a security breach last year. For nearly two months from mid-September to mid-November, an “unauthorized third party” had access to card payment information that certain customers entered as they were checking out on Hanna Andersson’s website, Mike Edwards, the company’s CEO, said in a Jan. 15 letter to customers viewed by CyberScoop. The exposed data included payment card numbers, expiration dates and CVV codes, along with customers’ names, billing addresses and shipping addresses. It's unclear how many customers were affected by the incident.

Total Retail's Take: This is the latest example of a retailer's customer data being stolen, and the unfortunate truth is that many more breaches will follow. Fraudsters are adept at staying one step ahead of retailers’ security protocols, making prevention only part of the issue for brands. They must also have a plan in place when the inevitable data breach does occur — e.g., when do they alert law enforcement authorities, how and when do they communicate to their customers that a breach has occurred, how will customers be protected going forward (e.g., working with a cybersecurity firm).

“Many websites, especially retailers, are suffering from Magecart-like attacks as hackers evolve the malware in an effort to steal credit card information on the web," notes Robert Capps, vice president of market innovation for NuData Security, a Mastercard company. "Companies can mitigate fraudulent transactions by identifying customers through their online behavior instead of relying on credentials or credit card numbers. This method allows companies to block transactions from credit cards that have been stolen.”