Exploit: Malware attack
Robert Dyas: Hardware store
Risk to Small Business: 1.554 = Severe
Payment card skimming malware was injected into the company’s online store and remained active for 23 days. The company, which provides DIY and home improvement products, hosts an online store as a critical component of its business while COVID-19 social distancing guidelines are in place. Before the breach was reported, the company was enjoying a significant boost in online sales, and this incident could encourage shoppers to take their business elsewhere. In addition to consumer backlash, the company will face regulatory scrutiny that could result in financial penalties.
Individual Risk: 1.416 = Extreme
This breach applies to shoppers who used the online store between March 7, 2020, and March 30, 2020. The payment card skimming malware captured customers’ personal and financial data, including their names, addresses, payment card numbers, expiration dates, and CVV numbers. Those impacted should immediately notify their financial services providers. In addition, they should enroll in credit and identity monitoring services to ensure that this highly sensitive information isn’t misused in other ways.
Customers Impacted: 20,000
How it Could Affect Your Customers’ Business: As COVID-19 keeps many people out of stores, providing a compelling online retail experience is a critical component of any businesses’ ability to remain competitive during this time. However, companies that can’t provide a secure buying experience are unlikely to keep up with the competition, making cybersecurity a bottom-line issue for companies both now and well into the future.