Over 4,000 online retailers have been warned that their websites had been hacked by cyber criminals trying to steal payment information and other personal information from customers.
In total, the National Cyber Security Centre (NCSC) has identified a total of 4,151 retailers that had been compromised by hackers attempting to exploit vulnerabilities on checkout pages to divert payments and steal details. They alerted the retailers to the breaches over the past 18 months.
The majority of the online shops that cyber criminals exploited for payment-skimming attacks were compromised by known vulnerabilities in e-commerce platform Magento. Most of those affected and alerted to the compromises and vulnerabilities are small and medium-sized businesses.
The NCSC revealed the number of businesses it has notified about customer data being stolen ahead of Black Friday. It is urging all retailers to ensure that their websites are secure ahead of the busiest online shopping period of the year in order to protect their business – and their customers – from cyber criminals.
“We want small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period,” said Sarah Lyons, deputy director for economy and society at the NCSC. “Falling victim to cybercrime could leave you and your customers out of pocket and cause reputational damage.”
One of the key things that online retailers can do to help prevent payments and personal data being stolen is to apply the available security patches that stop cyber criminals from being able to exploit known vulnerabilities in Magento and any other software they use.
“It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date,” said Lyons.
Applying security patches in a timely manner is just one of the things recommended by the NCSC’s and British Retail Consortium’s Cyber Resliance Toolkit For Retail. This kit was released in October 2020, but the information on keeping websites secure from cyberattacks is still very much relevant today.
“Skimming and other cybersecurity breaches are a threat to all retailers,” said Graham Wynn, assistant director for consumer, competition and regulatory affairs at the British Retail Consortium.
“The British Retail Consortium strongly urges all retailers to follow the NCSC’s advice and check their preparedness for any cyber issues that could arise during the busy end-of-year period.”
The compromised shopping websites were identified as part of the NCSC’s Active Cyber Defence programme, which has been monitoring for vulnerabilities that could impact online retailers since April 2020.
The NCSC has also reiterated advice to consumers on how to stay safe when shopping online. The advice includes being selective about where you shop, only providing necessary information, ensuring the payment system used is protected, and keeping online accounts secure.