Macy\'s Security Breach PDF

Preview

Summary

Security breach...

Description

Part 1: Macy’s Security Breach 1. Macy’s is a massive retail store that got hacked by a cybercrime group called Magecart. Macy’s security team found out that there was a security breach that targeted their customers information and payment card details. They essentially experienced a web skimming attack (Constantine, 2019). 2. Magecart targeted the checkout process online because that is where customers input their credit card information. When customers heard this, they immediately drewback from Macy’s and their stock price fell 11% from the news. This also affected Macy’s sales as it was right around the Christmas season. Macy’s thankfully said that only a few customers were impacted (Lindsey, 2019). 3. Regarding legal issues, Magecart is a cybercrime and has not been caught, but what they did was against the law when they got access to customer’s private information and credit card details. Ethically speaking, hacking companies solely for the purpose to steal people’s information and credit card information is wrong, and they did not ask employees about their religion, politic views, or any other ethical questions through email, but instead they used a highly advanced skimmer specifically designed for Macy’s payment process page. 4. First, they can improve their cyber security protections on their website. Next, establish policies that confirm their internet-facing infrastructure is configured securely and soundly that is up to date. Next, restrict and crack down on third-party vendors from accessing valuable and sensitive data. Finally, they can ask and suggest their customers to change their passwords regularly. 5. Magecart was able to gain access to their customer’s information by creating a highly customized skimmer that was designed specifically for Macy’s checkout process website page. Macy’s was able to catch on quick that they had been cyber attacked when they recognized suspicious activity in their web page and they immediately contacted forensic firms and law enforcements. I think this could have been prevented in the first place by user awareness policy and a web protection software that is updated regularly. Having secured devices can prevent skimmers from sensitive data. User-awareness is very helpful because “ultimately cybersecurity is backed by solid policies and procedures, and employee cooperation” (Bradbury, n.d.). Educating employees and what information to give is vital to preventing security breaches. Strong and secured devices for Macy’s software is important because “7% of US population’s personal details were stolen, are said to have happened via malware infection” (Bradbury, n.d.). Once strong policies are in place that educate employees on cybersecurity, and secured devices are established, then Macy’s should see an improvement on cybersecurity.

References

Constantin, L. (2019, December 19). Macy’s breach is a game-changing Magecart attack. CSO Online. https://www.csoonline.com/article/3510643/macys-breach-is-a-game-changingmagecart-attack.html

Macy’s Experiences Data Breach Before Start of Holiday Shopping Season. (2019, November 28). CPO Magazine. https://www.cpomagazine.com/cyber-security/macys-experiencesdata-breach-before-start-of-holiday-shopping-season/

How to protect your business from hackers. (2015, July 23). The Guardian. https://www.theguardian.com/media-network/2015/jul/23/protect-business-securitythreats...