News has broken that Superdrug has become the latest high street chain to be targeted by hackers holding customer data to ransom. According to the store, hackers contacted them on Monday evening saying they had obtained details on approximately 20,000 customers.
In response to this, Sam Curry, Chief Security Officer at Cybereason, said "The biggest issue with the possible breach of private information from Superdrug customers is that this is another blow to our collective privacy. There is a laundry list of names of the biggest corporations in the world that have been dealt a collective knock down over the years whether it be Equifax, Anthem, Target, Heartland or eBay, to name a few.
"We know the list of companies suffering breaches where personal information of their customers was compromised is in the thousands. The reality is that the cost to gain information on consumers has plummeted and should be at the forefront of the debate. Today, every consumer should be working under the assumption that their personal information has been compromised many times over, and the latest Superdrug hack is a reminder that they should watch their identities and credit for abuses."
Ryan Wilk, vice president at NuData Security, added “Although happily, payment data was not exposed, the personally identifiable information held hostage can easily fuel synthetic identity fraud and identity theft. With these types of fraud, personally identifiable information such as name, address, or date of birth are traded on the dark web to steal a real identity or construct an entirely new fraudulent one for theft.
“This is why retailers, along with eCommerce organisations, banks, and financial institutions are layering in multi-layered security strategies using passive biometrics and behavioural analytics. These technologies can’t prevent system breaches but can protect companies from post-breach damage, as they identify users based on data beyond their personally identifiable information, which can’t be stolen.”