Online Retailing Site Warns Users On Security Breach

By Author: eccuni
Total Articles: 211
Comment this article

Recently, online retailing site, play.com alerted users on a security breach incident, which resulted in the disclosure of names and e-mail addresses of thousands of customers. The alleged security breach took place at a third party service provider, which handles marketing communications for the retailing site. The online retailing site sells music, videos and games. The third party has been identified as Silverpop, which suffered security breach during December 2010. The online retailer has denied any compromise of financial information associated with the customers.

The alert from the online retailing site came after several customers complained of receiving spam and phishing e-mails. Netcraft.com reported that customers received cleverly crafted but fake e-mails appearing to come from Adobe. The e-mails contained a link luring customers to upgrade Acrobat Reader. The link redirects to a malicious site. However, many browsers have blocked the site and warn users that site has been reported as web forgery. When unwary users proceed to access the site, ignoring the security warning by the web browser, they are offered ...
... a fake link to download Acrobat Reader and asked to enter the payment details. The phishing site would then compromise the financial information provided by the unwary users.

Lapses in IT security provide opportunity for cybercriminals to gain unauthorized access to privileged databases containing sensitive information. The extracted information could be misused for sending spam e-mails and initiating targeted attacks on Internet users. The collected information could be used to devise cleverly crafted e-mails containing malicious links and attachments. Data breach incidents may have adverse implications on customers as well as organizations. Security professionals could be encouraged to undertake refresher courses and online university degree programs to improve data protection and information security practices in the organization.

Customer trust is crucial for continued and successful business operation. Security breach incidents lead to loss of customer trust and reputation. Security breach incidents may also have legal implications for the business and attract adverse media exposure. As such, organizations must take adequate steps to ensure information security. They must also ensure that third party service providers have adequate IT security measures in place to ensure integrity, security and confidentiality of customer information. They must conduct regular security audits to test the effectiveness of security measures. Access to computers containing privileged information must be restricted to select authorized employees. As cybercriminals may use social engineering techniques and social media sites to defraud users, employee use of social media sites must be restricted and regularly monitored. Organizations must also have appropriate monitoring mechanisms in place to detect suspicious and unauthorized activity. IT security policy must be enforced and violators must be given appropriate warning. Employees must be apprised of security threats, safe computing practices, and implications of data breach through training sessions, alerts, online degree and learning programs.

Regular in-depth security evaluation of the IT infrastructure through professionals qualified in IT programs such as masters of security science and penetration testing would help in timely detection and mitigation of weaknesses and threat vectors.