With the majority of retail operations shifting to digital, it’s no surprise that malicious actors see an opportunity to attack the websites of major brands and steal sensitive customer data. Recently making headlines, accessories retailer Claire’s suffered a data breach due to a Magecart attack that compromised customer payment information. According to a report, hackers injected malicious code into Claire’s website and, with a few lines of JavaScript, intercepted customer information entered at checkout. While it is unclear how many customers were impacted by the breach, it has certainly shaken consumer trust.
Get a free personalized site performance snapshot to gain insight into the performance and security posture of your site.
And these types of breaches can have real financial consequences for retailers. For example, Macy’s recently made headlines after reaching a settlement of up to $192K for a data breach. The breach was the result of a third party gaining access to accounts on Macys.com and Bloomingdales.com. However, Macy’s cybersecurity tools did not detect the breach until a month later, leaving customer account and payment information exposed for weeks. Similarly, J.Crew reported a data breach that took the company over a year to detect and disclose to consumers. The breach occurred when an unauthorized third party accessed customer account information, including the last four digits of credit card numbers, expiration dates and associated billing addresses.
These types of malicious attacks are becoming increasingly common, and with more consumers adopting eCommerce as a result of the COVID-19 crisis, Magecart and other site breaches aren’t going away any time soon. Below, we’ve put together three steps that retailers should be taking to protect their eCommerce sites:
- Understand which third-party services are loaded on all site pages, especially those that contain sensitive information, like checkout and account login pages.
- Have full visibility into all services loaded on pages that access user-entered data and information.
- Strictly govern access to user information and where it is sent.
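As an added illustration of the first and third steps (this is not Yottaa's code or part of the original article), the sketch below inventories the third-party hosts that a saved checkout page loads scripts and frames from or posts forms to, and compares them with an approved list. The page markup, host names, approved list and function names are all constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed checkout-page fragment; every host here is a placeholder.
SAMPLE_HTML = """
<script src="/static/checkout.js"></script>
<script src="https://cdn.payments.example/sdk.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://tags.analytics.example/t.js"></script>
<script src="//unknown-widgets.example/w.js"></script>
<form action="https://pay.payments.example/charge" method="post"><input name="card"></form>
<iframe src="https://chat.support.example/frame"></iframe>
"""

# tag -> attribute that makes the browser load code from, or send data to, a URL
WATCHED = {"script": "src", "iframe": "src", "form": "action"}


class ServiceInventory(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.found = []  # (tag, host, has_integrity_attribute)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        target = attrs.get(WATCHED.get(tag, ""))
        if not target:
            return  # inline script, unwatched tag, or empty attribute
        # Resolve relative and protocol-relative URLs against the page URL.
        host = urlparse(urljoin(self.page_url, target)).hostname
        if host and host != self.page_host:
            self.found.append((tag, host, "integrity" in attrs))


def audit(html, page_url, approved_hosts):
    """Summarise third-party hosts referenced by the page markup."""
    inv = ServiceInventory(page_url)
    inv.feed(html)
    return {
        "third_party": sorted({h for _, h, _ in inv.found}),
        "unapproved": sorted({h for _, h, _ in inv.found if h not in approved_hosts}),
        "scripts_without_sri": sorted({h for t, h, sri in inv.found if t == "script" and not sri}),
    }


if __name__ == "__main__":
    approved = {"cdn.payments.example", "pay.payments.example", "tags.analytics.example"}
    for key, hosts in audit(SAMPLE_HTML, "https://shop.example/checkout", approved).items():
        print(f"{key}: {hosts}")
```

A static pass like this only sees what is in the served markup; services that other scripts inject at runtime need browser-side visibility or a Content-Security-Policy report to surface.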
Ready to take control over ALL the services executing on your site? Yottaa’s SERVICE CTRL enables brands to control where and how all services execute on their sites and removes the risk that unwanted services pose to your brand.