Retail and Hospitality Breaches Declined Over Past 2 Years

A drop in publicly disclosed breaches for the two industries is due in part to fewer point-of-sale breaches.

Publicly disclosed breaches in the retail and hospitality industries have fallen to less than five occurrences per month, down from double-digit figures over the last two years, a new report released today reveals.
This drop is attributed in part to merchants, hotels, and restaurant chains retooling their point-of-sale (POS) systems to accept EMV or chip payment cards, says Stephen Boyer, CTO and co-founder of BitSight Technologies, which authored
the report
.
EMV adoption has really accelerated since the Target breach and that could partly be the reason why the total number of breaches is trending down, Boyer says. You hear a lot about breaches all the time, so I was not expecting the total trend to be going down.
During the January 2015 to January 2017 period analyzed in BitSights report, the total combined number of publicly disclosed breaches in the retail and hospitality industries reached 320. But over the span of two years, it fell from 186 breaches in 2015, to 131 in 2016, with just three reported breaches in January.
POS systems were the largest vector of attacks for the hospitality industry, accounting for nearly 40% of the 181 breaches hotels and restaurants faced over the two-year period, according to BitSights data. The frequency of POS attacks fell sharply from eight a month in 2015, to as few as two toward the end of 2016.
Web apps, meanwhile, were the largest targets of attack in the retail industry, accounting for nearly 30% of the 139 breaches encountered during that period. During the first half of 2016, the retail industry had a slight spike in publicly disclosed Web app attacks, but no POS attacks, according to BitSight data. And in the first quarter of 2016, the hospitality industry got hit with six publicly disclosed Web attacks at a time when its POS attacks dipped.
I have no doubt that EMV cards are forcing some cybercriminals to Web apps. I think that is the only explanation that makes a lot of sense, says Avivah Litan, a Gartner analyst.
Chip cards are less lucrative and more work for cybercriminals to deal with, Litan says. EMV cards do not carry users data on a magnetic strip that can be skimmed and sold on the Dark Web, and specialized equipment is needed to pull information off the chip payment card, she notes.
Given those challenges, hitting a Web app and intercepting an e-commerce transaction may be easier for cyberthieves, according to BitSights Boyer.
He adds that although companies are getting better at protecting their customers data and transactions, cybercriminals remain highly motivated, and data breaches against the retail and hospitality industries arent likely to subside.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Retail and Hospitality Breaches Declined Over Past 2 Years