The retail sector has been among the worst performers in the access control arena for the past several months, as several domestic and international organizations have fallen victim to significant data breaches. Target has been labeled as the biggest single loss of data from a breach in history and the number of customers impacted continues to rise, while the threat of identity theft will also have a long-term residual effect.
While Target's was a big one, even smaller instances of breach have led to devastating consequences for the victimized firms, especially considering the incurred financial losses and significantly damaged reputations among current and prospective clientele. The worst part, from an analysis standpoint, is that most of these breaches could have been avoided had more advanced and intuitive security frameworks been in place, such as multi-factor authentication.
A beauty-filled mess
USA Today recently reported that the latest retailer to fall victim to a breach is Sally Beauty, which also happens to be one of the largest professional beauty product sellers in the world. According to the news provider, the retailer first discovered the breach on March 5, and is now stating that it does not believe more than 25,000 credit and debit card accounts were affected.
The event is currently under investigation by officials from the U.S. Secret Service, as well as Verizon, which has been a very active participant in similar studies throughout the past several years. The source noted that Sally Beauty operates roughly 2,800 stores internationally, most of which are located in North America.
"We take this criminal activity very seriously," officials from the firm exclaimed, according to USA Today. "We continue to work diligently with Verizon on this investigation and are taking necessary actions and precautions to mitigate and remediate the issues caused by this security incident. In addition, we are working with the United States Secret Service on their preliminary investigation into the matter."
In the coming weeks and months, it remains to be seen what caused the event from the start, as well as how many customers were actually impacted.
Something has to give
Businessweek recently argued that retailers might be getting lulled into a false sense of safety after hitting all of the major components of Payment Card Industry Data Security Standards, which is the major set of regulations that governs the sector. The news provider asserted that simple compliance does not translate to the most secure possible outlook, and retailers might need to look beyond these statutes to truly excel in access control and privacy issue avoidance.
In the Target event, investigators believe that the breach actually originated at an outsourced HVAC company that lost credentials to a thief who then used the information to break into the retailer's systems. Businesses that take a more comprehensive and straightforward approach to access controls will often be far more successful in driving down risk and improving overall functionality of systems.