Good detection, poor recovery as retail giants Intersport, Claire's & Icing hit by web skimming

News by Andrew McCorkell

Web skimming hackers Magecart have breached three retail web stores including sports shop Intersport and two of the largest retail chains on the planet, Claire’s and Icing, according to reports.

Hackers breached the websites and hid malicious code to record payment card details punched into checkout forms, according to reports from security companies Sanguine Security and ESET.

The companies hit were US-based jewellery and accessory behemoth Claire’s, its sister brand Icing, and sports retailer Intersport.

Chris Hauk, consumer privacy champion at Pixel Privacy, said data skimming attacks like these underscore the need for online shoppers to remain ever vigilant.

Hauk said: “I strongly recommend all online shoppers to pay close attention to their monthly statements, monitoring them for suspicious charges. Users should also set up alerts on their credit and debit cards when available, and invest in credit monitoring, which will alert you to skimming incidents like these, as well as more traditional data breaches.”

Martin Jartelius, CSO at Outpost24, said that what was most noteworthy was that the Intersport site “got breached, remained breached for a few days, recovered and then got breached again”.

Jartelius added: “This is a behaviour we have also observed during some Red Team engagements, where monitoring and operations may be in place to recover from unexpected events, but there is a hiccup in the process and security is not brought in. In some cases, operators have been able to reuse the same system for repeated entry into organisations.

“This is a case of working detection but broken recovery, and at best, we as a community can gain from this if others look at this and learn. If there is an unexpected change, and you recover from it – ensure to find out why the unexpected change occurred.”

The Claire's website was breached between 25 and 30 April, along with sister brand Icing, according to Sanguine Security's Willem de Groot, while antivirus maker ESET said the website for Intersport was also compromised.

Raif Mehment, VP EMEA at Bitglass, said that payment card-skimming malware continues to be a security challenge for retailers around the globe.

Mehment added: “British Airways, Newegg, and now Claire’s have all been victims of Magecart’s malware, highlighting the need for security solutions which monitor for vulnerabilities and threats, across all devices and applications, in real-time.

“With these capabilities, retailers can be proactive in detecting and thwarting breaches before they happen, ensuring that their customers’ sensitive information is protected.”
