In this week's issue: Sally Beauty appears to have suffered a second data breach in nearly a year, there is belief that widespread EMV adoption in the U.S. could be delayed until 2020, UC Berkeley suffered a data breach exposing current and former students, the Hard Rock Casino in Las Vegas suffered a data breach lasting over 7 months and for this week's Rippleshot blog post, we take a look at the pressure retailers and organizations face as the pressure to adopt new payment technology puts cardholder security at risk.
News broke early Monday that beauty supplies retailer, Sally Beauty Holdings Inc., was investigating reports of suspicious activity involving payment cards that transacted with the retailer. At this time, Sally Beauty is still conducting its investigation with the help of law enforcement and third party forensic experts and have not identified the full scope of the breach.
This would be the second time in roughly a year that Sally Beauty has fallen victim to a data breach. In March of 2014, Sally beauty confirmed a separate data breach, affecting just under 25,000 payment cards across nearly all of the retailer's 2,600+ U.S. locations.
With the looming October 2015 deadline looming, some experts in the payments industry are skeptical of the widespread adoption here in the U.S. happening before the end of this year. Forrester Research issued a report in which they predict plastic EMV adoption will not reach expected levels in the U.S. until 2020 due to a variety of factors. These factors include alternative payment technology such as digital wallets and near-field-communication (NFC) payment systems as hinderances for widespread EMV adoption.
What does the 2015 EMV deadline mean for U.S. issuers, merchants and consumers? Download our latest white paper to learn more about the EMV roadmap and the expected impact post-EMV adoption.
Late last week, UC Berkeley officials announced that a web server on the school's campus was illegally accessed, compromising the sensitive information of current and former students. According to a campus announcement, UC Berkeley officials first learned of the data breach on March 14, with a start date going back to December 2014. The web server in question, located wihtin the school's Division of Equity and Inclusion, contained bank account numbers, Social Security numbers and other personal information of a small group of current and former students and other indibiduals.
UC Berkeley is in the process of notifying all those involved and will be offering a free year of credit monitoring services.
The Hard Rock Casino in Las Vegas announced that the company had been the target of a malware attack,compromising the personal and payment information of an undisclosed amount of customers. The Las Vegas casino reported the theft of its customers' names, mailing addresses and payment information that transacted at various bar, restaurant and retail locations within the casino. While the Hard Rock Casino is reproting that the compromise did not affect hotel or casino transactions, some security experts are voicing their concern regarding the timeline of the data breach.
In a statement by the casino, the data breach lasted from September 3, 2014 to April 2, 2015, lasting nearly 7 months before the breach was detected. The Hard Rock Casino did not mention how they were able to detect breach in their statement. At this time, it is unclear whether Hard Rock was able to detect the data breach through the assistance of law enforcement, an affected financial institution or on their own.
RIPPLESHOT CONTENT: PRESSURE TO ADOPT NEW PAYMENT TECHNOLOGY PUTTING CUSTOMER SECURITY AT RISK
According to Ponemon Institute and Experian’s Data Security in the Evolving Payments Ecosystem study, nearly 70% of respondents cited that pressure to support new payment technologies is putting customer data security at risk. Check out our key takeaways from the recently released survey.
SHARING IS CARING. TO GET YOUR FRIENDS AND COWORKERS SUBSCRIBED, SEND THEM HERE.