ZDNet: Caribou Coffee chain announces card breach impacting 239 stores. “US coffee store chain Caribou Coffee announced a security breach today after it discovered unauthorized access of its point of sale (POS) systems. The company listed 239 stores of its total 603 locations as impacted, which roughly amounts to 40 percent of all its sites.” The breach took place between late August and early December — over three months — and it looks like the breach could have gotten all credit card details.
EurekAlert: Social media data used to predict retail failure . “Researchers have used a combination of social media and transport data to predict the likelihood that a given retail business will succeed or fail. Using information from ten different cities around the world, the researchers, led by the University of Cambridge, have developed a model that can predict with 80% accuracy whether a new business will fail within six months.”
ZDNet: Canadian retailer’s servers storing 15 years of user data sold on Craigslist. “A security researcher has found customer and employee data belonging to one of Canada’s biggest PC hardware retailers on servers put up for sale on Craigslist. The data, believed to go back as far as 15 years, belongs to NCIX, a PC retailer that filed for bankruptcy and closed shop in December 2017. The massive privacy breach appears to have taken place after the retailer closed its stores last year and retired old servers and employee workstations.”
From Medium with a serious disclaimer: P.F. Chang’s Security Flaw revealed, following Panera Bread’s leak. “The morning of April 4th, I woke up to news reports of Panera’s Bread security flaw and the possible data exposure it could have caused, as featured on Krebs on Security, Dylan Houlihan’s original post, and numerous other news sites. Little did I know, merely 2 days after Panera Bread’s public disclosure took place, would I be discovering a similar and equally serious vulnerability on one of my favorite restaurant chains’ website — P.F. Chang’s.”
CNET: Delta, Sears, Kmart hit by data breach: What you need to know . “Heads-up: If you bought plane tickets from Delta, tools from Sears or household goods from Kmart between Sep. 26 and Oct. 12 last year — and you did it online — your name, address and credit card numbers may have been exposed at those companies’ websites.”
New York Times: Card Data Stolen From 5 Million Saks and Lord & Taylor Customers. “Saks has been hacked — adding to the already formidable challenges faced by the luxury retailer. A well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor, according to a cybersecurity research firm that specializes in tracking stolen financial data. The data, the firm said, appears to have been stolen using software that was implanted into the cash register systems at the stores and that siphoned card numbers until last month.”
VR Scout: Walmart Acquires VR Startup to Develop ‘Immersive Retail Environments’. “The world’s largest company by revenue and the United States’ biggest supplier of jobs has just made a major investment in virtual reality commerce. Walmart has agreed to purchase a little-known VR startup called Spatialand for an undisclosed amount. Spatialand creates tools that let content creators transform their 2D work into immersive VR experiences.”