There are many hacks that span years before the server owner realizes or admits that his server has been attacked. This is a difficult issue that politicians are attempting to dump onto server owners, but it does little to stop repeats of this type of attack and nothing for all of those who have had sensitive information stolen. BSD Ed.
United States-based kitchen utensil manufacturer OXO International disclosed a data breach that spans numerous periods over two years. The breach notification states that customer and payment information may have been exposed, and further research indicates this was most likely a MageCart attack.
Commenting on the news is Felix Rosbach, Product Manager at comforte:
“This is yet another example of what we’ve been seeing for years now. If you have to manage an enterprise with a complex network, complex web pages and an ever-expanding attack surface, it’s becoming exceedingly difficult to protect yourself against targeted attacks. This is especially true for online retailers, which not only process a huge amount of data but also need very sensitive data to process orders and online payments. Unfortunately, this makes online retailers a very attractive target for threat groups and hackers.
The famous quote, ‘know your enemy and know yourself, then you will not once be defeated in a hundred battles,’ sounds good in theory, but in practice, it seems to be impossible to know your enemy at all. Hackers always seem to be one step ahead. In addition, most companies are shocked when they find out that the average time it takes to detect a breach is 170 days. Nowadays it seems to take even longer when looking at the most recent breaches – meaning OXO is not alone – stating that the breach may have exposed customer information over the course of two years.
Bearing that in mind, we have to conclude that cybersecurity is not only about preventing breaches. More importantly, you must protect the data & privacy of your customers by protecting their data at the earliest possible stage. Furthermore, it is important to have a well-trained incident response team that is prepared to react whenever a breach happens.”