Security Affairs

JANUARY 11, 2025

“On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group.” After discovering the security breach, the company investigated the incident and notified law enforcement.

Data breaches

Thales Cloud Protection & Licensing

OCTOBER 11, 2024

However, industries reliant on shared devices—such as healthcare, retail, and manufacturing—face unique challenges. Similarly, in retail and manufacturing, delays caused by authentication procedures reduce overall efficiency. These fast-paced environments need a more flexible approach to balance security, speed, and user privacy.

Authentication

SecureWorld News

MAY 28, 2025

In early May 2025, two of the United Kingdom's best-known grocers, Marks & Spencer (M&S) and the Co-op, as well as luxury retailer Harrods, were struck by sophisticated social-engineering attacks that tricked IT teams into resetting critical passwords and deploying ransomware across their networks. retail industry.

Retail

eSecurity Planet

JULY 14, 2025

According to TechRepublic, the FBI said these hackers have been “convincing help desk staff to bypass multi-factor authentication (MFA) protections by registering rogue MFA devices on compromised accounts.” Insurance and payroll firms also breached Beyond airlines and retailers, insurance and benefits providers are also under siege.

Insurance

Security Affairs

MAY 15, 2025

Exposed data included contact details, partial SSNs and bank info, ID images, account history, and limited internal documents. Compromised data includes: Name, address, phone, and email; Masked Social Security (last 4 digits only); Masked bank-account numbers and some bank account identifiers; GovernmentID images (e.g.,

Data breaches

Malwarebytes

APRIL 16, 2025

Good bots accounted for just 14% of the internet’s traffic. An increasing number try to hijack peoples’ online accounts, which they often do by credential stuffing. These account takeover attacks have skyrocketed lately. Bad bots comprised 37% of internet traffic in 2024, up from 32% the year prior.

Internet

The Hacker News

JUNE 20, 2025

When retail giant Marks & Spencer experienced a security event over Easter weekend, they were forced to shut down their online operations, which account for That’s when they can count on fewer security personnel monitoring systems, delaying response and remediation.

Retail

Graham Cluley

MAY 7, 2025

The UK's National Cyber Security Centre (NCSC) has warned the IT helpdesks of retailers to be on their guard against bogus support calls they might receive from hackers pretending to be staff locked out of their accounts. Read more in my article on the Exponential-e blog.

Retail

SecureWorld News

FEBRUARY 14, 2025

If you spot an offer and need to verify it, go back to the original retailer's website instead of clicking through links," Machin said. If you are in a C-suite role, you need to be engaged, informed, and accountable for what you are personally responsible for," Machin said.

Scams

Security Affairs

JUNE 28, 2025

In many cases, threat actors employed methods to bypass multi-factor authentication (MFA), by tricking victims’ help desk services to add unauthorized MFA devices to compromised accounts. In May, Google warned that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting U.S.

Social Engineering

Jane Frankland

MAY 3, 2025

Then, the focus of cyber attacks on retailers, and what lessons must be learned by business leaders and customers. These hackers, often part of loosely affiliated communities like “The Com,” use innovative methods and target industries like retail, telecoms, and finance for maximum impact.

Cyber Attacks

eSecurity Planet

MAY 16, 2025

These insiders abused their access to customer support systems to steal the account data for a small subset of customers, Coinbase said in a blog post. Masked bank account details and identifiers. Account data, including balance snapshots and transaction history. What was stolen? Government-issued ID images.

Social Engineering

SecureWorld News

JULY 28, 2025

These attacks are especially alarming for industries that depend on high availability, such as airlines, transportation, and retail, where even a short outage can result in millions of dollars in losses. He noted that the group is no longer focused on quick account takeovers, but rather full infrastructure compromise.

Social Engineering

Security Affairs

MARCH 30, 2025

These stores operate on a bulk retail model, offering members discounted prices on a wide range of products, including electronics, clothing, food, and household items. This represents a significant portion of Walmart’s overall earnings, as Sam’s Club accounts for about 13% of Walmart’s consolidated net sales.

Ransomware

Webroot

MAY 9, 2025

Little do you know, clicking that link could open the door for scammers to steal your identity, empty your bank account, or even plant malicious software (malware) on your device. The goal is to get you to give up sensitive personal details that can be used to hack into your accounts, and they are alarmingly successful.

Scams

Security Affairs

JULY 24, 2025

Retail: the retail sector is a data-hungry powerhouse that needs personalized preferences to target customers effectively. Furthermore, the constant growth in data breaches and the requirement for zero-trust architectures are further boosting the use of DSPM.

Marketing

Security Affairs

JUNE 30, 2025

Ahold Delhaize is a Dutch-Belgian multinational retail and wholesale holding company. A ransomware attack on grocery giant Ahold Delhaize led to a data breach that affected more than 2.2 million people. A ransomware attack on Dutch grocery giant Ahold Delhaize has led to a data breach affecting over 2.2 million people.

Data breaches

Malwarebytes

APRIL 24, 2025

It’s how tap-to-pay machines found in retailers and ATMs work their magic. The telephone number connects the victim to the attacker, who then persuades them to give up their PIN and log into their bank account. This enables your phone to read the data on a supporting payment card when it comes close enough.

Malware

Webroot

APRIL 22, 2025

Financial services industry: Banks, insurance companies and other financial organizations offer a wealth of opportunity for hackers who can use stolen bank account and credit card information for their own financial gain. They can open accounts in your name, apply for loans, and even file false tax returns.

Data breaches

Malwarebytes

FEBRUARY 4, 2025

And yet, if artificial intelligence achieves what is called an agentic model in 2025, novel and boundless attacks could be within reach, as AI tools take on the roles of agents that independently discover vulnerabilities, steal logins, and pry into accounts. These are real threats, but they are not novel. The truth is that AI is here to stay.

Artificial Intelligence

SecureWorld News

JULY 17, 2025

By the end of the call, she had authorized $25 million in transfers to overseas accounts. Banks have reported instances of "synthetic clients" applying for loans or accounts using AI-generated IDs and deepfake selfies to trick remote verification processes. Consumer and retail banking frauds: It's not only big corporations at risk.

Banking

SecureWorld News

MAY 12, 2025

The Order stresses that the retailer "would have known" about these configuration issues on the site "had it been monitoring its website, but [the retailer] instead deferred to third-party privacy management tools without knowing their limitations or validating their operations."

Retail

Zero Day

JUNE 22, 2025

We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. Here's how to check if your accounts are at risk and what to do next.

Passwords

Security Affairs

JULY 28, 2025

The cybercrime group Scattered Spider (aka 0ktapus , Muddled Libra , Octo Tempest , and UNC3944 ) is targeting VMware ESXi hypervisors in retail, airline, and transportation sectors across North America. Key mitigations include prohibiting phone-based resets for privileged accounts and hardening sensitive systems and documentation.

Social Engineering

SecureWorld News

AUGUST 11, 2025

BlackSuit also targeted manufacturing, technology, retail, and government organizations—industries that may have provided richer logging data to strengthen the case for a takedown. Measures include securing privileged accounts, locking down lateral movement tools like PowerShell, and limiting Domain Admin privileges.

Ransomware

Security Boulevard

APRIL 16, 2025

Medium severity patches accounted for the bulk of security patches at 54.5%, followed by high severity patches at 32.3%. of the total patches, followed by Oracle Hyperion at 43 patches, which accounted for 11.4% of the total patches, followed by Oracle Hyperion at 43 patches, which accounted for 11.4% of the total patches.

Financial Services

Security Affairs

JUNE 12, 2025

“It’s no surprise that the Telecommunications sector accounts for the majority of exposed cameras we found. Exposed feeds include private residences, retail shops, public transport, and patient areas—revealing a wide-scale risk from improperly configured surveillance systems across all sectors.

Hacking

Responsible Cyber

NOVEMBER 23, 2024

Industries most affected by these breaches include healthcare, finance, and retail, where sensitive data is routinely shared with vendors for operational efficiency. The healthcare sector has been particularly hard-hit, accounting for over 30% of the total breaches.

Risk

Centraleyes

AUGUST 9, 2025

Recent supply-chain breaches in other sectors—such as retail, insurance, and higher education—have shown that attackers increasingly target service providers that aggregate customer data across multiple organizations. In the context of operational resilience, the event is a reminder that security strategies must account for indirect exposure.

Insurance

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Consumers remained the primary target of financial cyberthreats, accounting for 73.69% of attacks. Mamont was the most active Android malware family, accounting for 36.7% million detections compared to 5.84

Phishing

Security Affairs

MAY 13, 2025

M&S is a major British multinational retailer headquartered in London. However, importantly, the data does not include useable card or payment details, and it also does not include any account passwords.” The company did not share technical details about the attack.

Data breaches

Zero Day

JULY 12, 2025

We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. To begin, the setup of Windows is a time-consuming pain.

Energy and Utilities

Digital Shadows

DECEMBER 5, 2024

One data-leak post involved a US retailer that was recently acquired by another, sharing dates of birth, email addresses, credit card data, and IP addresses for free (see Figure 1). By contrast, the finance and insurance; professional, scientific, and technical services (PSTS); and retail trade sectors accounted for 8% each.

Cybersecurity

BH Consulting

APRIL 16, 2025

She clearly emphasised that although retail, finance and operational technologies are rapidly adopting AI, human expertise remains irreplaceable. She spoke passionately about how AI is the most transformative force of our time, reshaping industries, governance models, and the future of cybersecurity.

Risk

Thales Cloud Protection & Licensing

OCTOBER 16, 2024

According to Imperva’s State of API Security in 2024 report, APIs—the rules allowing software applications to communicate with each other—now account for a staggering 71% of internet traffic. Businesses, particularly those in financial services, healthcare, and retail sectors, suffer from operational disruptions and financial penalties.

DDOS

SecureWorld News

NOVEMBER 4, 2024

Enter the Texas Responsible AI Governance Act, or TRAIGA, with Texas's unique style of doing business—balancing innovation with accountability, consumer empowerment, and a good ol' dash of no-nonsense enforcement. With expanded accountability and regular assessments, some companies might find compliance demanding. Likely the former.

Government

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. Cloud services alerts increased by 20% due to rising cloud account usage, while malicious file alerts in phishing attacks remain high, exploiting users’ tendencies to open files.

Cyber Attacks