Data Security

Jeans giant Gap fell victim to a web hoax on Tuesday, with a fake corporate website set up to shame the retailer for its response to Bangladesh worker deaths. The convincing-looking GapDoesMore.com surfaced to coincide with the annual Gap Inc. shareholder meeting, where the San Francisco clothier celebrated its recent decision to boost minimum worker wage to $10. The site, still live as of

eBay Inc. said on Wednesday that a cyber attack carried out three months ago has compromised customer data, and the company urged 145 million users of its online commerce platform to change their passwords. The company said unknown hackers stole email addresses, encrypted passwords, birth dates, mailing addresses and other information in an attack carried out between late February and early March. The files didn't contain financial information.

Some of the nation's largest retailers are banding together in hopes of protecting consumers' personal and financial information from hackers and thieves. The Retail Industry Leaders Association, along with several top retailers, like Gap and Walgreens, on Wednesday opened an intelligence-sharing center focused on the prevention of cybercrimes against retailers. According to the retail group, the center will allow retailers to share

Target, which is recovering from a massive data breach, on Tuesday named high-profile information technology consultant Bob DeRodes as chief information officer. The discount retailer's previous CIO resigned in March, several months after the data breach, which included the theft of about 40 million credit and debit card records and 70 million other records of customer details late last year. DeRodes has been a senior information technology advisor for the U.S. Department of Homeland Security, the U.S. Secretary of Defense and the U.S. Department of Justice.

Michaels assured customers a previously disclosed data security issue had been fully contained and raised the disconcerting prospect that it's only possible to make such a claim after a breach has been detected. The company said in January that it learned of possible fraudulent activity on some U.S. payment cards that had been used at its stores. An extensive investigation ensued that involved two independent security firms who, along with the company, worked closely with law enforcement authorities, banks and payment processors to determine what happened.

As data continues to grow at unprecedented speeds, retail organizations must embrace a data-driven mind-set to stay competitive. Considering that 90 percent of the world's data was created in the last two years, this won't be a curve that drops off. With the influx of bigger data and new types of data, retailers of all sizes increasingly depend on large sets of information to make better business decisions. Midsized retailers, now able to cross barriers to the new age of data, have fast become committed to discovering those insights and putting them to work for their operations and customer relationships.

After last year's massive security breaches at Target and Neiman Marcus Group, data-security professionals urged U.S. retailers to upgrade their credit and debit card technology to reduce fraud. Companies have been slow to embrace the more secure payment systems that have been widely used in Europe and Asia for years, mostly because of the expense and a lack of synchronization among retailers, credit card providers and banks.

The recent hacking of customer data from Target computers is roiling the California legislature. Last week, two members of the Assembly touted a bill to strengthen consumer safeguards and limit the type of information collected and retained by retailers. The measure may trigger one of the year's biggest disputes over business-related legislation. "It'll be a big fight, a tough fight," said Bill Dombrowski, president of the California Retailers Association. The bill would shift the responsibility for any data breach from the banks and credit card issuers to the retail businesses where the breach occurred.

Earlier this month, Sally Beauty confirmed a security breach and is now offering one free year of credit monitoring and identity-theft protection for those customers who may have been affected by the incident. As previously reported by Drug Store News, the beauty retailer detected on March 5 an unauthorized intrusion into its network. Over the last several weeks, Sally Beauty has been investigating the security incident with the assistance of its advisers. The company previously disclosed that it believed fewer than 25,000 records containing payment card data may have been illegally accessed on its system.

There are two kinds of companies today: those that have already had a data breach and those who don't know their data has been breached. It's a sad fact of our time that nearly every aspect of our society has been hacked, including education, business and government. The Venable law firm reports that 621 confirmed data breaches occurred in 2012 alone, and retailers represented 21.7 percent of network-based data breach incidents.
 Is your company ready? What will it cost for it to be ready? Can data breaches be prevented? These were just some of the key questions covered in a recent Direct Marketing Association (DMA) webinar on retailer readiness for data breaches.