Volusion Data Breach – Comments

While a website might appear to wholly belong to one brand to the consumer, in reality most websites include multiple plugins from different suppliers. This breach demonstrates the potential damage that can be done if just one trusted third party provider is compromised. In this case, Volusion has 20,000 customers, so 20,000 websites could potentially be compromised.

E-commerce sites are at particular risk to this type of attack, because of the highly valuable card data that third parties have access to, which makes them a target for hackers. However, it has to be remembered that more websites than you think now contain an e-commerce function. For example, this same Magecart attack technique was used to compromise British Airways last year.

While it is the third party that is at fault, it will be the company that owns the website that will ultimately be held responsible for any misuse of customer data. While pulling out plugins from a website isn't a realistic solution, all organisations should regularly run security assessments on their web applications to uncover vulnerabilities such as these and mitigate them quickly.

From the point of view of consumers who could be affected, they should closely monitor their bank statements for any unusual activity and alert their bank immediately if they notice any.