How Holiday Hacking Puts Your Company at Risk

Nov 11, 2022

The holiday season brings many good things. Family, presents, decorations, joy, good cheer, peace on Earth, and so on. Unfortunately for anyone working in IT or cybersecurity, the holidays also bring something else: an increase in hacking threats and data breaches. While many people’s minds are focused on Christmas trees, eggnog, and visions of sugarplums, for hackers the Christmas season presents the perfect opportunity to engage in naughty behavior. After all, during the leadup to Christmas, most companies’ websites see a surge in user traffic as customers do their last-minute shopping or check their bank accounts to see what they can afford. At the same time, IT professionals are either overworked or taking time off. This leads to the perfect conditions for cybercriminals to strike. 

Read on to learn about holiday hacking stats and a few of the more recent examples of companies falling victim to holiday hacking. Then, learn about how companies can keep their holidays hacking-free with the security development resources offered by Kiuwan. 

Macy’s

One of the most notable holiday hacking incidents in recent years happened to a retail company that is arguably more associated with the holiday season than any other. Beginning in October 2019, Macy’s suffered a massive data breach that exposed the personal data of countless loyal Macy’s customers.

Macys Logo How Holiday Hacking Puts Your Company at Risk

Though the company did not publicly disclose the exact number of Macy’s customers who were affected, they did report that the hackers were able to get their hands on personal information such as names, birthdates, home addresses, emails, and (most alarmingly) credit card information. As a result of this security breach, Macy’s saw a subsequent 11% drop in its stock prices, despite attempts at reassurance that the company had stopped the breach and implemented new security protocols after the fact. 

Marriott

Another major holiday data breach happened to a company that many people will come into contact with during their holiday travels. In November and December of 2018, the Starwood branch of the massive Marriott hotel chain suffered a significant data breach that exposed the personal information of millions of hotel guests over the past several years.

Marriott Logo How Holiday Hacking Puts Your Company at Risk

The company reported that the hackers were likely able to get hold of information such as credit card and passport numbers, phone numbers, home addresses, and even personal details of their stays at Marriott hotels. Though exact numbers were unclear, the company believed that the data breach could have affected as many as 500 million hotel guests around the world. 

Staples

Another major retail company that suffered a significant Christmastime data breach is the office supply super-chain Staples. In late December of 2014, Staples’ IT security team discovered malware attached to the point-of-sale terminals of around 115 Staples locations across the United States.

staples How Holiday Hacking Puts Your Company at Risk

Though the team moved quickly to remove the malware, the breach had already exposed the credit card information of around 40 million customers and affected the accounts of around 110 million people. Undoubtedly, the extent of this data breach was exacerbated by the surge in sales that came with that year’s holiday shopping season. 

Kay Jewelers 

Even the most high-end retailers aren’t immune from cybersecurity risks and data breaches during the holidays. In November and December of 2019, Kay Jewelers suffered a major data breach that affected customer information security on its website.

kay jewelers logo How Holiday Hacking Puts Your Company at Risk

In this case, hackers were able to alter Kay’s order confirmation link and gain access to millions of customers’ personal information, including sensitive credit card and banking data. As a result of this breach, millions of shoppers looking to purchase exquisite jewelry for their loved ones during the holiday season unwittingly had their personal and financial information stolen by cybercriminals. 

Other November and December Data Breaches

Given the widespread ubiquity of cyberattacks, hacking, and data breaches during the holiday season, it seems as if no major retailer is immune. In 2020 alone, several popular shopping destinations reported significant hacks and data breaches that exposed the personal information of customers. These companies included Jared Jewelers, Adidas, Under Armour, Poshmark, and Planet Hollywood. 

Put an End to Holiday Hacking With Kiuwan

Data breaches like these should make it clear that the months leading up to the holiday season are the best time for a company to beef up its data security, application security, and software security. For companies looking to avoid falling victim to holiday hacking, Kiuwan provides the best tools and resources needed for IT security best practices. Through a partnership with Kiuwan, companies can employ security approaches such as SAST and SCA, minimize risks to their customer data, prevent attacks, and ensure that cybersecurity does not make their holidays less merry. 

Get your FREE demo of Kiuwan Application Security today!

Identify and remediate vulnerabilities fast and efficient scanning and reporting. We are compliant with all security standards tailored packages for your team to mitigate your cyber risk within the SDLC.