Avoiding Data Breach penalties
Thanks to GDPR, the negative impact of a significant data breach is now even greater.
For example, the recent British Airways Magecart data breach resulted in a fine from the ICO of £183 million.
British Airways were hacked for around 16 days with 380,000 customers affected. Other high-profile Magecart hacks in recent months include:
- Newegg, compromised for over 1 month
- Ticketmaster, hacked for 9 months and with 40,000 customers impacted
- Discount Mugs, whose website exposed customer data for over 4 months
The financial damage of a Magecart data breach attack could be significant. According to GDPR, fines could be $20m or 4% of turnover.
How do Magecart Data Breaches occur?
Many websites load third-party files for functions such as:
- Live chat or customer support
- Traffic analytics
- Payment processing
- Review or comment add-ons
Third-party files might appear to be completely harmless, but as soon as they are loaded on your website they have the capability to capture and send data.
Many data breaches continue for weeks or months before detection. This delay allows the hackers – Magecart – to gather potentially thousands of customers’ details.
Want to know more?
Whilst your customers browse and purchase on your website, scripts are loaded from third parties.
If a third party is compromised, hackers then have a way to write scripts affecting your website.
Hackers can then intercept customer card details without you even noticing.
Detecting data breaches
The key to detecting data breaches is identifying when data is sent from your website to another location.
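One way to observe where pages send data, shown as an added example that is not part of the original page: it assumes the site serves a Content-Security-Policy with a reporting endpoint and triages the violation reports browsers submit. The host names, allowlist and sample reports are constructed for illustration.

```javascript
// Constructed allowlist: hosts this hypothetical shop expects its pages to contact.
const ALLOWED_HOSTS = new Set(["shop.example", "pay.example", "chat.example"]);
// CSP directives whose violations show a cross-origin send or script load.
const EGRESS_DIRECTIVES = new Set(
  ["connect-src", "form-action", "img-src", "script-src", "script-src-elem"]);

// Returns the parsed URL, or null for non-URL values such as "inline" or "eval".
function parseUrl(value) {
  try { return new URL(value); } catch { return null; }
}

// Groups CSP violation reports by unexpected destination host and directive.
function findUnexpectedDestinations(reports, allowedHosts = ALLOWED_HOSTS) {
  const findings = new Map();
  for (const raw of reports) {
    const r = raw && raw["csp-report"];
    if (!r) continue;
    // Older browsers send only violated-directive, which includes the source list.
    const directive = String(r["effective-directive"] || r["violated-directive"] || "").split(" ")[0];
    if (!EGRESS_DIRECTIVES.has(directive)) continue;
    const blocked = parseUrl(r["blocked-uri"]);
    if (!blocked || !blocked.hostname || allowedHosts.has(blocked.hostname)) continue;
    const key = `${blocked.hostname}|${directive}`;
    const f = findings.get(key) || { host: blocked.hostname, directive, pages: new Set(), count: 0 };
    const page = parseUrl(r["document-uri"]);
    f.pages.add(page ? page.pathname : "(unknown)");
    f.count += 1;
    findings.set(key, f);
  }
  // Most frequently reported destination first.
  return [...findings.values()]
    .map((f) => ({ ...f, pages: [...f.pages].sort() }))
    .sort((a, b) => b.count - a.count);
}

// Constructed sample reports in the JSON shape browsers POST to a report-uri endpoint.
const SAMPLE_REPORTS = [
  { "csp-report": { "document-uri": "https://shop.example/checkout", "effective-directive": "connect-src", "blocked-uri": "https://collector.invalid/c" } },
  { "csp-report": { "document-uri": "https://shop.example/checkout", "violated-directive": "connect-src 'self' https://pay.example", "blocked-uri": "https://collector.invalid" } },
  { "csp-report": { "document-uri": "https://shop.example/basket", "effective-directive": "script-src-elem", "blocked-uri": "https://cdn.unlisted.invalid/w.js" } },
  { "csp-report": { "document-uri": "https://shop.example/checkout", "effective-directive": "style-src", "blocked-uri": "inline" } },
  { "csp-report": { "document-uri": "https://shop.example/", "effective-directive": "img-src", "blocked-uri": "https://chat.example/a.png" } },
];

console.log(findUnexpectedDestinations(SAMPLE_REPORTS));
```

A destination that appears only on checkout or payment pages, and is not a host the site deliberately integrates with, is the kind of finding to investigate first.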