Retail, F&B breaches spell cyber risks heading into holiday season

Despite increasing cyber risks, the holiday season spells good sales for the retail and F&B industry, both online and offline.
16 November 2021


As the holiday season approaches, cyber risks are rising as well. For cybercriminals, the holiday season is the perfect time to strike gold and wreak digital havoc on businesses and consumers alike.

While post-pandemic lifestyles are resuming in some countries, many consumers still prefer to do their shopping online. From Christmas presents to Thanksgiving turkeys to weekend groceries, the retail and food and beverage (F&B) industries are hoping the holiday season will bring them better profit margins than the previous year.

But as the holiday season rolls around, some shoppers still want to go to stores to make their purchases. Unfortunately, cyber risks remain high for them too: offline shopping exposes users to its own unique cyberthreats, and cybercriminals can always find ways to cause problems. Such was the case at big-box retailer Costco.

Costco suffered a data breach after finding a payment card skimming device in one of its warehouses. The breach was discovered during a routine check conducted by its personnel. A skimming device is often rigged to the card reader of an ATM or credit card machine. An unsuspecting user will insert their card into the ATM or swipe it on the credit card machine, not knowing that the device attached to the slot, which has gone unnoticed or been ignored, has recorded their payment card data.

The American big-box store reported that cybercriminals would likely have gotten access to information stolen from those who swiped their cards on the device. Costco has since advised customers to monitor their bank and credit card statements for fraudulent charges and report suspicious transactions to relevant financial institutions.

TechHQ reached out to cybersecurity experts to get their views on the breach at Costco. According to Niamh Muldoon, Global Data Protection Officer at OneLogin, the important thing is to highlight that the individuals of these payment services control access to their card services along with the eCommerce sites where they store their payment card services details.

“In the EU/EEA region, strong customer authentication is now a regulatory requirement so those offering payment services need to support the end-users/customer by providing them with strong customer authentication set out by the regulation and this is multi-factor authentication.”

For Pixel Privacy’s consumer privacy champion Chris Hauk, this is a somewhat unusual case of credit card skimming, as the article indicates the skimmer was located in the warehouse club building. Usually, skimmers are placed on gas pumps, as it is tougher to modify a card reader inside of a store.

“In cases like this, all customers who have shopped at that Costco location should call their credit card issuer to receive a new card (this is a good idea, even if they haven’t received a notice from Costco). They should also keep a close watch on their credit card charges for any questionable purchases or transfers. They should also be aware of scammers who may try to contact them posing as law enforcement or Costco officials.”


Cyber risks offline and online

Meanwhile, food production giant Schreiber Foods recently had its plants and distribution centers knocked offline after a ransomware attack took down its systems. Schreiber Foods mostly focuses on yogurt, processed and natural cheese, and cream cheese.

Reports state that the attack disrupted the entire milk supply chain because Schreiber uses a variety of digital systems and computers to manage milk processing. The company has thousands of employees and reports billions in sales each year, with locations across Europe and South America.

Across the Atlantic, Spanish beer maker Damm halted output at its main brewery outside Barcelona after a cyberattack hit its computer systems. Reuters reported that the brewery cyberattack caused the plant to be “entirely paralyzed” for a few hours. The plant is Spain’s second-largest beer producer, with up to 7 million hectolitres of beer produced a year.

Earlier this year, global meat processor JBS experienced a malware attack that affected its operations in North America and Australia. While JBS had backup servers to recover from the attack, several of its plants were forced to shut down for two to three days.

The reality is that the F&B and retail industries will face increasing cyber risks as the holiday season approaches. Organizations in these industries need to take adequate measures to protect not just their business, but their customers as well.

Many of these companies will most likely face mounting attacks in the weeks to come, and they need to be prepared for them. The F&B industry, for example, can check its systems for any vulnerabilities and update its security patches now. The retail industry, on the other hand, should check that it has sufficient backup systems in place should its networks be compromised.

Consumers should also be vigilant when buying products, both offline and online. Those using credit cards in stores might want to consider using digital wallets or other payment methods instead. Either way, by practicing smarter and safer shopping habits, consumers can cut down their exposure to cyber risks.