3 Famous Commerce Data Breaches You Might Not Know About And How To Avoid Becoming A Victim Of One william leen Follow Jul 11, 2019 · 6 min read

Recent Data Breaches Have Taken Center-Stage In The News, But There Have Been Many Others As Well

Facebook’s data breaches and privacy problems have taken center stage in the media over the past year and, as mentioned in our previous blog article, have caused many users to question whether they can trust the social media giant with their personal information. Perhaps these cases have become such popular talking points because of Facebook’s place in popular culture and the fact that more than 2.3 billion people use it every month. Around the same time as the famous Facebook/Cambridge Analytica scandal, U.S. consumer reporting agency Equifax suffered a terrible data breach which compromised the personal data of nearly half of the U.S. population.

This caused many people around the world to wonder if we had now entered the age of data breaches. As more and more people complete transactions online and share personal information on the internet, the world’s modern dependence on technologies that require us to provide our information in exchange for use of products has left many people wondering if data breaches are going to occur even more frequently in the future. However, what many don’t realize or at least don’t remember is that data breaches have been occurring regularly for some time now. Unfortunately, one of the industries that has been hit hard by data breaches is the commerce industry. It’s possible that you either knew about these breaches when they happened and have since forgotten about them, or that you never knew that they happened at all. So, let me inform you, or in case you forgot, remind you about a few of the worst commerce data breaches from the past decade.

3 Data Breaches In The Commerce Industry

eBay

We previously mentioned that some companies, including eBay, are providing a less secure system for buyers and sellers by not using blockchain technology, ultimately leaving them more susceptible to hacking and fraud. If you are worried about eBay being hacked, your fears may not be misguided because it has already happened. In late February or early March of 2014, hackers broke in to eBay’s system using the credentials of three of eBay’s corporate employees and found their way to the user database. The breach was discovered by eBay in early May 2014 but was not revealed to the public until a few weeks later because for a long time eBay “did not believe that any eBay customer personal data” had been compromised.

At the time eBay had 145 million users, and the company realized later that the personal data of all of their users had been impacted by the breach. Hackers stole a number of kinds of personal data, including encrypted passwords, names, email addresses, physical addresses, phone numbers, and dates of birth. eBay had to send emails to all of their users, which as you can imagine took quite a while, and asked all 145 million users to change their passwords via the company’s websites.

Due to its status as one of the largest data beaches to affect a company at the time, and the criticism that eBay faced for not notifying the public of the breach sooner, eBay faced investigations by three U.S. states and the U.K.’s information commissioner. A class action lawsuit was planned against eBay in response to the data breach, but it was later dismissed by the judge.

Zappos

In 2012 online shoe retailer Zappos, which is owned by Amazon, was the victim of a cyber attack that allowed a hacker to gain access to its network, including the personal data of 24 million Zappos customers. Entire credit card numbers were not impacted by the breach, but customer names, email addresses, phone numbers, and addresses. The hacker gained access to parts of the company’s internal network and databases through one of their servers. When referring to the data breach, Zappos Chief Executive Tony Hsieh said,

“We’ve spent over 12 years building our reputation, brand, and trust with our customers…I suppose the one saving grace is that the database that stores our customers’ critical credit card and other payment data was not affected or accessed.”

Even though the hacker did not access the database with critical credit card data, Zappos basically got lucky. It would have been entirely possible for the hacker to gain access to it. Unfortunately for Zappos, the fallout from the data breach is still ongoing and the incident appeared in the news again seven years later.

Since the data breach happened in 2012, customers have fought to be able to sue Zappos. An appeals court ruled that customers could continue to move forward with a lawsuit against the company, and Zappos appealed that decision. In March 2019 the Supreme Court of the United States ruled that the lawsuit could continue as well, officially ending deliberation. What is so alarming about data breaches is that they don’t only impact the customers of the company that is hacked, they have devastating consequences for the company that can cost millions of dollars and follow them for years. Both the company and their customers are victims in this instance, but every company can take active steps to prevent data breaches and have a security plan in place in case they do experience a data breach.

Target

The last of the three retail data breaches mentioned is the Target data breach of 2013. Customers who made purchases in U.S. Target stores from November 27th to December 15th 2013 were victims of a data breach. About 40 million customers were originally thought to have been victims, but that number has increased to 70 million over time. Customers’ credit and debit card accounts were impacted by the breach. In addition to the credit and debit card accounts that were stolen, 110 million sets of personal information, including email addresses and phone numbers, were also stolen.

Hackers were able to enter Target’s system through network credentials that were stolen from Fazio Mechanical Services, a third-party vendor and provider of refrigeration and HVAC systems. The initial break in was on November 15, 2013. The question is, why would Target provide external network access to an HVAC company anyway? At the very least, providing network access to third-party vendors is a major security risk and it’s surprising that Target would take a risk without recognizing the danger it posed to their systems.

In 2018, a computer programmer was sentenced to 14 years in prison for designing a program that helped hackers improve malware that was used in the 2013 Target data breach. Target was expected to pay an $18.5 million settlement to 47 states in connection with the 2013 data breach. However, the total cost of the data breach at that point, according to Target, was $202 million.

Don’t Become A Victim Of Data Breaches

There is an easy way to avoid becoming a victim of data breaches. Do all of your shopping online at the AllForCrypto marketplace. All payments are made with cryptocurrencies, so you won’t become a victim of a data breach like the Target breach. When people go shopping during the holidays to buy gifts for their family and friends, they don’t expect to have their identity stolen. We are preventing that threat by avoiding credit cards entirely.

Each of the three commerce data breaches, the eBay data breach, the Zappos data breach, and the Target data breach, had something in common. They all were vulnerable to attacks because they stored all of their customers’ personal data in centralized databases. By using a decentralized, distributed system, AllForCrypto is taking extra precaution to protect shoppers from cybercrime and other online threats. Don’t shop in fear of things that are out of your control. Shop in a safe and secure environment with AllForCrypto.

Are you an ecommerce merchant? Take advantage of the best rates around by selling your products with AllForCrypto. Avoid marketplaces where security is not a top priority, and prevent your business from becoming the victim of credit card chargeback fraud.