Navigating Today’s Retail Cybersecurity Challenges: Protecting Operations and Customer Data
Retail cybersecurity challenges have dramatically evolved since the infamous “Retailgeddon” of 2013 and 2014, which prominently featured breaches at giants like Target and Home Depot. Today, the threats facing retailers go beyond stealing credit card numbers. Now, attackers aim for operational disruption, credential theft, and third-party vulnerabilities that shake consumer trust and lead to severe financial impacts. Let’s dive into how these modern retail cybersecurity challenges differ from past attacks and review actionable strategies all organizations can implement to protect their data and prevent downtime and lost revenue.
The New Face of Retail Cybersecurity Challenges
Gone are the days when payment card breaches dominated headlines. According to Verizon’s 2025 Data Breach Investigations Report, stolen payment data accounted for just 1% of breaches within the “System Intrusion” category, reflecting a significant decline compared to past decades when payment card breaches were far more common. But retailers can’t breathe easy yet. Today’s attackers are more focused on operational disruptions and credential theft. “We’ve gotten a lot better at fraud monitoring, shutting down attackers,” stated Sherri Davidoff, founder of LMG Security. “That means payment cards are not as valuable for criminals.” Instead, she explains, attackers increasingly target “operational disruption,” holding critical systems hostage through ransomware.
Retail giants like Victoria’s Secret, Adidas, Cartier, and Ahold Delhaize have recently suffered significant breaches that illustrate these shifting threats:
- Victoria’s Secret faced a mysterious security incident in May, forcing the retailer to take down its e-commerce platform entirely for three days. The outage resulted in substantial financial losses and a 7% stock drop. “They actually lost three continuous days of revenue, plus the long-term trust implications,” Matt Durrin, LMG Security’s director of training and research, shared. “The financial impacts were significant.”
- Ahold Delhaize, the parent company behind grocery chains like Food Lion, experienced a ransomware attack that took pharmacies offline, jeopardizing customers’ health and safety by interrupting medication access. “People couldn’t fill prescriptions—this is a real risk to health and safety,” Davidoff highlighted.
Redefining What “Sensitive Data” Means
One critical takeaway from recent retail cybersecurity challenges is redefining what constitutes “sensitive data.” Previously, retailers primarily protected payment card data and personal identifiers like social security numbers. However, modern attackers are capitalizing on seemingly less sensitive data like email addresses, customer preferences, purchase history, and access tokens.
Davidoff emphasizes, “Names, addresses, order history, birthdays—even if it doesn’t seem super sensitive, all that information is incredibly useful for attackers.” Durrin adds, “Criminals can leverage these data points to create highly tailored phishing campaigns, significantly increasing their effectiveness.”
The case of Cartier further underscores this point. Attackers gained access to customer names, emails, and countries. While seemingly innocuous, this information can fuel targeted phishing and impersonation attacks, leading to direct financial and reputational harm.
Third-Party Risks: The Achilles’ Heel of Retail Cybersecurity Challenges
The Adidas breach illustrates another crucial dimension of today’s retail cybersecurity challenges: third-party vulnerabilities. Attackers accessed Adidas’s customer database via a third-party IT provider, highlighting the importance of stringent third-party risk management. According to the 2025 Verizon DBIR, breaches involving third-party actors doubled from the previous year’s report. This is an alarming statistic for retailers and organizations that are increasingly reliant on SaaS and cloud providers.
Remember the Target breach of 2013? Attackers compromised Target through a small HVAC vendor, underscoring that even seemingly insignificant third-party relationships can present substantial risks. Davidoff highlights, “Your third-party vendors and partners are a risk. You must scrutinize their security controls closely. We recommend our clients use a third-party risk management platform, and we have helped many clients implement this system and develop the policies and procedures they need to reduce their risk of an expensive third-party breach.”
Credential Stuffing and Customer-Facing Systems
Retailers today are often held responsible when attackers compromise customer accounts—even if weak customer passwords are partially to blame. The North Face recently discovered that attackers used stolen credentials to access customer accounts, gaining names, addresses, and order histories. Davidoff points out, “Organizations weren’t held responsible for hacked customer accounts several years ago, but that’s changed.”
A landmark case involving Dunkin’ highlighted this accountability shift. Dunkin’ faced a $650,000 fine after customer loyalty accounts were breached due to poor password management practices.
The Rise of Operational Disruption
Today, ransomware incidents frequently target operational systems to maximize disruption. Davidoff shared, “Operational disruption for a big company is a huge problem.” Attackers recognize that disrupting key operations like online sales, pharmacy services, or customer support creates immediate pain points, forcing victims to quickly consider ransom payments.
Key Takeaways: Protecting Your Organization Against Modern Retail Cybersecurity Challenges
To safeguard your organization from today’s evolving retail cybersecurity challenges, consider these strategic actions:
- Redefine “Sensitive Data”: Expand your scope to protect data beyond traditional sensitive categories. Monitor and secure names, email addresses, access tokens, and other seemingly innocuous information that attackers can weaponize. Check out our blog on how API keys can cause a breach.
- Implement Robust Third-Party Risk Management: You can’t secure what you don’t know is exposed. Utilize comprehensive third-party risk management programs to assess, monitor, and mitigate third-party threats. Read our TPRM overview and best practices blog for more details.
- Secure Customer-Facing Systems: Mandate strong authentication practices, including multi-factor authentication (MFA), especially for administrative accounts. Davidoff advises, “MFA is not enough by itself. Monitoring and proactive protection of customer-facing systems are essential.”
- Test Incident Response for Operational Downtime: Regularly test your incident response plans with a tabletop exercise that specifically simulates operational disruptions. Ensure your cyber insurance adequately covers business interruptions, and make sure you clearly understand its activation processes. For more information, read our blog on ransomware tabletop exercises and cloud and exploit tabletop exercises.
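Added example (not from the original article or from LMG Security): one way to monitor for the credential stuffing described under “Credential Stuffing and Customer-Facing Systems” and in the “Secure Customer-Facing Systems” takeaway. It flags sources that try many distinct accounts and mostly fail, and lists the accounts they did get into. The log format, thresholds and function name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample auth log: "<timestamp> <source_ip> <username> <OK|FAIL>".
# All addresses are documentation ranges and all usernames are made up.
SAMPLE_LOG = """\
2025-06-01T10:00:01Z 203.0.113.7 ana@example.com FAIL
2025-06-01T10:00:02Z 203.0.113.7 ben@example.com FAIL
2025-06-01T10:00:03Z 203.0.113.7 cho@example.com OK
2025-06-01T10:00:04Z 203.0.113.7 dev@example.com FAIL
2025-06-01T10:00:05Z 203.0.113.7 eli@example.com FAIL
2025-06-01T10:00:06Z 203.0.113.7 fay@example.com FAIL
2025-06-01T10:01:10Z 198.51.100.20 gus@example.com FAIL
2025-06-01T10:01:20Z 198.51.100.20 gus@example.com FAIL
2025-06-01T10:01:30Z 198.51.100.20 gus@example.com OK
2025-06-01T10:02:00Z 192.0.2.50 hal@example.com OK
2025-06-01T10:02:05Z 192.0.2.50 ivy@example.com OK
2025-06-01T10:02:09Z 192.0.2.50 jon@example.com FAIL
2025-06-01T10:02:12Z 192.0.2.50 jon@example.com OK
2025-06-01T10:02:20Z 192.0.2.50 kim@example.com OK
2025-06-01T10:02:31Z 192.0.2.50 lee@example.com OK
not a log line
"""

def detect_credential_stuffing(log_text, min_accounts=5, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct accounts and mostly fail."""
    stats = defaultdict(lambda: {"users": set(), "ok_users": set(), "fail": 0, "total": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines instead of crashing the monitor
        _, ip, user, outcome = fields
        s = stats[ip]
        s["users"].add(user.lower())
        s["total"] += 1
        if outcome == "FAIL":
            s["fail"] += 1
        else:
            s["ok_users"].add(user.lower())
    findings = {}
    for ip, s in stats.items():
        ratio = s["fail"] / s["total"]
        if len(s["users"]) >= min_accounts and ratio >= min_fail_ratio:
            # Successful logins from a flagged source are likely takeovers: reset them.
            findings[ip] = {"accounts": len(s["users"]), "fail_ratio": round(ratio, 2),
                            "reset": sorted(s["ok_users"])}
    return findings

if __name__ == "__main__":
    print(detect_credential_stuffing(SAMPLE_LOG))
```

The single user retrying a password (198.51.100.20) and the shared office address with mostly successful logins (192.0.2.50) are not flagged; only the source cycling through six accounts is.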
Final Thoughts
Retail cybersecurity challenges have evolved significantly since the days of simple card skimming. Today’s threat landscape demands proactive, multi-layered strategies to protect operational continuity, customer trust, and business revenue. Organizations across sectors, not just retail, must stay vigilant against disruption-focused attacks and adapt swiftly to emerging threats.
By redefining sensitive data, rigorously managing third-party risks, and securing customer-facing systems, your organization can effectively mitigate these modern retail cybersecurity challenges.
Please contact us if you need help developing new cybersecurity policies, testing, risk mitigation services, or training. Our expert team is ready to help!