Latest news with #GlobalRetailReport2025
Yahoo
2 days ago
- Business
- Yahoo
The North Face Deals With Cybersecurity Attack
With cybersecurity attacks becoming more of a concern for major retailers and independent stores alike, The North Face is the latest to have been struck. The North Face has informed consumers of unauthorized access to some shoppers' personal information due to 'unusual activity' on its site in late April. The company said the matter was immediately investigated and it was determined that 'a small-scale credential stuffing attack' against its site had taken place on April 23. A credential stuffing attack refers to a cybersecurity breach where the attacker uses account authentication credentials such as email addresses, usernames and passwords that were stolen from a source to access the users' accounts without their authorization. Those credentials were then believed to have been used to access consumers' accounts on The North Face site. More from WWD North Face Is Latest Cyberattack Victim: Customer Credit Card Data Safe Remains Safe Academy Sports + Outdoors Forge Ahead With 3 New Doors Victoria's Secret Reveals Preliminary Q1 Results, but Delays Full Report Following 'Security Incident' The company said approximately 1,500 individuals were impacted. In a statement released Wednesday, The North Face said, 'The incident was quickly contained, and those affected were promptly notified. It's important to note that no credit card information was compromised. Protecting the data of our customers remains our highest priority.' The company said it did not believe the incident involved information that would require it to notify consumers of a data security breach under applicable law. The North Face said it was notifying them out of an abundance of caution. The outdoor brand said that credit card or stored value card information was not compromised on its site and that the attacker could not view payment card numbers, expiration dates and CVVs, since that information is not kept on its site. The North Face advised shoppers to change their passwords on its site and to avoid using the same password across multiple sites. The VF-owned brand also mapped out how to avoid cybersecurity attacks and identity theft. Earlier this week Victoria's Secret said it would postpone the release of its earnings after a recent security breach on its site. In the U.K., Harrods, Marks & Spencer and the Co-op Group were hit with cyberattacks this spring. Credential theft accounted for 38 percent of all compromised data in 2023 making it the leading threat in retail cyberattacks, according to KnowBe4's 'Global Retail Report 2025.' That signaled a shift in cybercriminal tactics targeting the retail sector, according to researchers. The report found that in 2023, credential harvesting, which often involves phishing attacks, had outpaced payment card data, which declined to 23 percent of all compromised data. Retail is now among the top five industries that have been targeted by cybercriminals, according to the report. Last year the average cost of a retail data breach reached $3.48 million — an 18 percent upswing compared to 2023. The frequency of retail-related cybersecurity attacks increased by 56 percent in 2023 compared to the previous year. Last month researchers from Google Threat Intelligence Group and Google subsidiary Mandiant said that cybercriminals who were believed to have been responsible for three attacks against companies in the U.K. were focusing on U.S. retailers. Last month, Victoria's Secret had to temporarily shut down its site after a cybersecurity breach. Best of WWD Young Brooke Shields' Style Evolution, Archive Photos: From Runway Modeling & Red Carpets to Meeting Princess Diana The Most Memorable French Open Tennis Outfits With Serena Williams, Naomi Osaka & More [PHOTOS] Beyoncé's 'Cowboy Carter Tour' Outfits, Live Updates: Schiaparelli, Burberry, Loewe and More
Yahoo
12-03-2025
- Business
- Yahoo
Cybercriminals Shift Tactics as Credential Harvesting Tops Payment Data Theft in Retail
Cybercriminals are getting personal. Literally. According to KnowBe4's 'Global Retail Report 2025,' the greatest threat is 'credential harvesting' where personal information is stolen. Researchers at the firm said that credential harvesting, 'which is often orchestrated through phishing attacks, has become the predominant threat, accounting for 38 percent of all compromised data in 2023, while payment card data theft dropped to 25 percent.' More from WWD January Digital Unveils 'January Growth' to Serve Fast-growing E-commerce Brands Gen Z's Economic Impact Soars as Workforce Entry Boosts Spending Power to Over $1 Trillion Survey Reveals 84% of Americans Fear Cybersecurity Risks in Online Banking This research comes at a time when cybercrime is top of mind for retailers as well as consumers. It follows a report from that polled over 1,000 U.S. consumers about online banking and found that 84 percent of respondents said they are worried about cybersecurity. This shift occurs as the total number of cyberattacks in the retail sector has jumped 56 percent. 'This puts retail in the top five industries targeted by cybercriminals,' the report's authors said, adding that the average cost of a single retail data breach 'reached $3.48 million in 2024, an 18 percent increase from 2023.' 'Our research reveals a critical shift in how cybercriminals are now prioritizing credential theft over payment card data,' said Stu Sjouwerman, chief executive officer of KnowBe4. 'Stolen credentials allow immediate access to personal accounts, bypassing security measures like passwords and two-factor authentication. The good news is that organizations implementing frequent security awareness training are seeing dramatic improvements, demonstrating that human risk management must be a core component of any retail organization's security strategy.' The growth of cybercrime has a lot to do with how consumers shop. The report noted that more than 62 percent of all purchases are made with a credit or debit card. 'When a customer uses a card to make a retail purchase, whether online or in store, they are entrusting that retailer with their credit card and other personally identifiable information (PII), including their name, address and phone number,' the report stated. 'If they access their account on the web or through the store's point of sale (POS) system, the retailer also has their past purchasing information and tracking data including any changes of addresses, and other addresses they have sent packages to.' Consequently, KnowBe4 researchers said it should come as no surprise that the retail sector has become 'a nearly irresistible trove for a growing number of cybercriminals. Unfortunately, new AI tools have not only enhanced the abilities of experienced cybercriminals, but also given state-of-the-art intrusion methods to relatively unskilled or novice attackers.' Digging deeper into the research showed that North America's retail sector experienced the highest percentage of cyberattacks with 56 percent, while Latin America experienced the second highest at 32 percent. Europe experienced 11 percent of attacks. The report also noted that the U.S. retail sector accounted for 45 percent of global ransomware attacks 'despite representing only 28 percent of market share, making retail the second most targeted sector.' To combat these crimes, retailers need to reduce the 'human risk' factors, which include workforce education of phishing tactics and other measures. 'Conducting security awareness training and simulated phishing evaluations for one year or more can reduce the likelihood of employees falling for phishing attacks for organizations of all sizes,' the report's authors said, adding that there is a significant impact of security awareness and education. Training on employee susceptibility to phishing attacks dropped from 42.4 percent to just 5.2 percent in large retail organizations, 'while small and medium-sized retailers saw similar improvements, with rates dropping to 4.7 and 4.5 percent, respectively, after one year of continuous training.' Best of WWD Retailers Leverage First Insight for ESG Alignment What Steph Curry's Sneaker NFTs Can Teach Fashion Year in Review: Brands, Retailers Go Hyper-digital in a Challenging Landscape
