Three companies recently acknowledged that hackers had accessed significant amounts of their customers' data -- including, in some cases, both passwords and payment card information.
Outdoor work gear and equipment retailer Bailey's recently began notifying 250,000 customers that their personal and payment card information may have been stolen from the company's website, SC Magazine reports.
From December 2011 until January 2016, an attacker or attackers accessed customer names, credit card numbers, CVV numbers, expiration dates, mailing addresses, phone numbers, email addresses, user names and passwords, Bailey's said in a statement [PDF].
"Please note that we have taken immediate steps to prevent a reoccurrence," the company stated. "In this regard, we have (1) replaced our servers; (2) enhanced our firewalls; (3) integrated mandatory changes with respect to our passwords and (4) integrated new software into our website."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
Online florist 1-800-Flowers.com recently began notifying customers that during a 33-hour period from the evening of February 15th to the early morning hours of February 17th, customers' personal and payment data may have been accessed by an attacker.
The information potentially accessed includes customer names, mailing addresses, email addresses, payment card numbers, expiration dates and CVV codes. According to SC Magazine, approximately 7,000 customers may be affected.
"The access permitting the potential exposure ... has been resolved," company vice president Bibi Brown wrote in a notification letter [PDF] to those affected. "We are continuing to work closely with leading security experts to identify and implement measures to further strengthen the security of our system to help prevent this from happening in the future."
And Florida-based Rosen Hotels & Resorts recently announced that an unauthorized person had installed malware in its payment card network, which may have collected the names, payment card numbers, expiration dates and CVV codes for cards used at Rosen Hotels & Resorts between September 4, 2014 and February 18, 2016.
"Together with our third party cyber security expert, we have worked tirelessly to contain and address the incident," Rosen Hotels & Resorts vice president and chief financial officer Frank Santos said in a statement [PDF]. "Additional enhanced security measures have been implemented to help prevent this from happening again."
Netsurion CEO Kevin Watson told eSecurity Planet by email that breaches like these should serve as a strong reminder to any company that isn't taking steps to secure customer and business data. "It’s troubling to see another malware attack be so successful -- and even more troubling that it persisted over a prolonged period of time without being detected," he said. "If you’re a business owner, making security your number one priority is in the best interest of your customers and your brand, too."