Levi Strauss notifies customers of security breach

Last update on: 3:46 am June 25, 2024 by fashionabc

As we move towards digitalisation, the growing volume of cybercrime and the increasing number of cyberattacks pose major challenges for companies. Cyber incidents such as ransomware attacks, data breaches, and IT disruptions, rank as the top global risk in the Allianz Risk Barometer – and by a clear margin. Per Allianz Risk Barometer 2024, “Following two years of high but stable loss activity, 2023 saw a worrying resurgence in ransomware and extortion losses, as the cyber threat landscape continues to evolve. Hackers are increasingly targeting IT and physical supply chains, launching mass cyber-attacks, and finding new ways to extort money from businesses, large and small. It’s little wonder that companies rank cyber risk as their top concern… It is the cause of business interruption that companies fear most, while cyber security resilience ranks as firms’ most concerning environmental, social, and governance challenge…”

Many companies have stringent processes in places for the proactive identification of cyber risks. At Levi Strauss, significant investments in technology and vendor relationships, help address key risk areas and allow focus on risk quantification and reporting. This approach positions the company to identify potential threats and invest in tools and resources to mitigate them. Stringent procedures of conducting annual reviews of the company’s cybersecurity policies, which reflect their intentions and standards and provide them with guidance for protecting data security, enabled the team to identify and report that over 72,000 accounts were affected during a “security incident” that was detected on June 13th, 2024.

Image Source: www.levis.com

The company revealed in a press e-mail that the threat actor may have viewed order history, name, email, and stored addresses. It said information, including the last four digits of the card number, card type, and expiration date, may also have been exposed “if you have saved a payment method.” Commenting on this, Thomas Richards, principal consultant at the Synopsys Software Integrity Group, said, “Over the past few weeks, we’ve witnessed an increase in data breaches being reported in what is becoming the summer of data breaches. Fortunately in this case, only customer emails were compromised and not complete credit card numbers or other private information. While the addresses may already be known publicly, this would allow an attacker to craft targeted phishing campaigns about this brand to elicit the targets to perform an action like resetting a password on a malicious landing page resembling the official one. The partially compromised credit card information would provide the attackers with a pretext of a legitimate transaction failing.”

Jasmeen Dugal