Although dwarfed in size and scope by more recent incidents, three of the most well-known mega-breaches involved large retail chains. With the approach of the holiday shopping season, our loss data experts pulled together these and other cyber incidents against retailers, as highlights from our 55,000+ cyber incidents.
Retailer cyber losses
From 2005 to 2006, cyber-criminals accessed the payment processing systems of a global retailer and its U.S. and foreign subsidies. The 18-month breach affected 100 million individuals and resulted in total costs of over $218 million.
Another cyber incident against a retailer cost a whopping $553 million. A major retailer discovered an ongoing data breach that had been in progress for several weeks. The breach had been accomplished through a phishing attack on a 3rd party service supplier who legitimately had credentialed access directly to the retailer’s systems. A total of 110 million customers were affected.
These are two of 10 retailer cyber losses featured in this paper prepared by Advisen using loss data pulled from its loss database. This cyber loss data is housed in a structured, relational database, and is mapped to the appropriate company from our database of over 20 million insureds.