
Ticketmaster Breach Highlights Retailers' Dependence on Multitude of Service Providers

Alex Campanelli | August 3, 2018

Early last month, it was disclosed that Ticketmaster suffered a data breach through a third-party service provider as part of a payment card hacking campaign; Ticketmaster was just one of hundreds of victims. The threat actor, Magecart, compromised over 800 e-commerce sites by secretly installing digital card-skimming software on third-party components and services used by these retailers.

This breach highlights the growing number of third-party service providers that retail and e-commerce companies rely on. This is not unique to the retail industry, as most industries rely on similar third parties across their supply chains. Some of these organizations can have up to tens of thousands of third parties, each with a specific business function.

Retailers, including e-commerce businesses and others, face a unique challenge in relying on so many third parties: even one compromised line of code within a third party can affect a very large number of retailers. As the old saying goes, it only takes one. The network of interdependence is clearly evidenced here by the third-party platforms and service providers through which other retailers, in addition to Ticketmaster, were compromised. These service providers include Inbenta, SocialPlus, PushAssist, CMS Clarity Connect, and Annex Cloud.

BitSight researchers looked at the number of service providers that retail companies rely on. Our data shows that for retailers with a company size of 5,000 employees or more, the median number of service providers is 52. As one might assume, the larger the retailer, the more service providers it uses and the bigger its attack surface grows.

As retailers continue to rely on an increasing number of service providers, their risk of a data breach through those third parties increases as well. BitSight Security Ratings continuously monitor and quantify the cyber risk of third parties, enabling organizations to efficiently scale their vendor risk management programs. With the rise of e-commerce, it’s critical that retail organizations continuously monitor all of the third parties in their supply chain.
