The recent security attacks on large retailer groups such as Target Corp and Neiman Marcus have raised serious questions about the safety of confidential data, such as credit card information, shared by customers.
Security breaches in e-commerce platforms have become the order of the day, with massive data theft being reported on such platforms across the world. These attacks expose the challenges faced by retailers in ensuring the security of their networks and cast a shadow over the growth of the e-commerce industry.
The FBI has now revealed that the hackers of Target Corp and Neiman Marcus got into their systems by exploiting a vulnerability in the remote management software that is used to monitor and manage their global networks. The FBI Journal reveals that hackers reached Target’s network through a refrigeration contractor in Pennsylvania.
Sources close to the investigation also revealed that some other retailers who have been targeted by hackers have not yet revealed themselves in public, according to a report in The Wall Street Journal, but the FBI has not named these retailers.
Unveiling the details of the scam last month, luxury merchant Neiman Marcus said hackers stole the payment card information of some of its customers and made unauthorized charges over the holiday shopping season. This revelation came just weeks after Target reported a similar hack of its customer database.
Security experts believe these scams are masterminded by a large-scale hacking group targeting the flourishing e-commerce sector.
The latest report from the FBI clearly indicates retailers are at risk from using software programs that cannot withstand such security breaches.
Avivah Litan, a cyber-security analyst at Gartner, said the attack happened because Target did not segment its network properly. "It's very difficult to manage all these remote access accounts. It's very reasonable that Target thought it was properly protected," Litan said.
Officials warn that corporate networks should avoid linking databases that have nothing to do with each other—such as the air conditioning contractor and payment card data.
Edited by Rory J. Thompson