This spotlight delivers an overview of the latest cyber risks impacting the industry, including recent incidents, and emerging threat vectors. We also highlight our specialised insurance solutions designed to address the unique cyber vulnerabilities faced by organisations in these sectors. Read more from our insights to help enhance your organisation’s cyber risk management approach.
What cyber incidents have we seen from the retail, leisure and hospitality industry?
In May 2024, a hacking group called ShinyHunters accessed and stole data of over 560 million users by accessing systems of a large event ticket retailer through a cloud database hosted by a third-party service provider. According to the impacted company, the database contained personal information of certain customers who bought tickets to events in North America. The company issued a notice on their website and offered 12 months free credit-monitoring service to impacted individuals. The hacking group reportedly responsible for the attack is said to have sought USD 500,000 for personal data of 560 million users on hacking forums.
Read more here keyboard_arrow_right
The LockBit ransomware group claimed they were behind the attack on a Canadian pharmacy chain and have threatened to publish stolen data online following failed negotiations to pay USD 25 million ransom. The chain has since confirmed they hired third-party cybersecurity experts to conduct forensic investigation and found no evidence that their customer databases were compromised.
Read more here keyboard_arrow_right
In May 2024, an American high-end department store chain learned that an unauthorised third party gained access to a cloud database platform used by their business. They determined that the unauthorised third party obtained certain personal information stored in the database platform. The data included names, contact information, dates of birth, store gift card information, transaction data, partial credit card numbers, partial Social Security numbers, and employee identification numbers.
Read more here keyboard_arrow_right
A database of over 2.8 million records has been posted to a hacker forum along with a claim they originated from a March 2024 hack at Canadian retail chain.
In March, one of retailer‘s vendors, a company used to manage customer communications and engagement, suffered a cyber-attack, which impacted the retailer, as reported by online news outlets.
The company first learned of the security incident on March 4, 2024. On April 12, the database appeared on hacker forums. The records contain over 2.8 million unique email addresses, names, phone numbers and physical addresses. Subsequently, breach notices have been sent out to affected individuals. It has been reported that the impact on the customers will depend on their buying behaviour (e.g. home addressed leaked where the buyer elected home delivery over in-store pick up).
Read more here keyboard_arrow_right
On 19 July 2024, American cybersecurity company CrowdStrike distributed a faulty update to its Falcon Sensor security software that caused widespread problems with Microsoft Windows computers running the software. A number of organisations globally were effected by the incident and remained down for a number of hours, resulting in an interruption to business. Given the widespread use of Microsoft solutions, the incident ultimately impacted a wide range of industries, including, retailers and companies from leisure and hospitality sector. This incident signalises the importance of focus on non-malicious perils such as human error or system failure in cyber policies.
Read more here keyboard_arrow_right
A software firm serving car dealerships across the US that was roiled by a cyberattack in June appears to have paid a USD 25 million ransom to hackers as multiple sources reported to popular news outlets . The company impacted in this incident was infected with ransomware taking many of its core systems offline. As the company is a trusted provider of software services to as many as 15,000 organisations in the automotive industry, the ransomware impact was severe and resulted in weeks of downtime for many entities utilising their services. Notably, the reported USD 25 million refers only to ransom paid, with the severity of other cyber losses related to this incident remaining unknown. Reportedly, the cryptocurrency account that sent the ransom payment is affiliated with a firm that helps victims respond to ransom attacks, one of the sources said, declining to identify the firm.
Read more here keyboard_arrow_right