Dick’s Sporting Goods Uncovers Cybersecurity Breach
Dick’s Sporting Goods is the latest high-profile organization dealing with an information systems breach.
The retailer revealed the incident in a filing with the Securities and Exchange Commission (SEC) Wednesday (Aug. 28), one week after it discovered “unauthorized third-party access” to its systems, including some confidential information.
“Immediately upon detecting the incident, the company activated its cybersecurity response plan and engaged with its external cybersecurity experts to investigate, isolate and contain the threat,” the filing said.
Dick’s added in the filing that it has notified federal law enforcement, that its investigation is ongoing, and that it has no knowledge that the breach disrupted its business operations.
“Based on the company’s current knowledge of the facts and circumstances related to this incident, the company believes that this incident is not material,” the filing said.
The incident comes on the heels of several other high-profile cyberattacks and cyber incidents, such as last month’s Crowdstrike outage, or the more recent breach at the Port of Seattle, which runs the Seattle-Tacoma Airport.
“Traditional cybersecurity measures, while still crucial, are no longer sufficient to safeguard against sophisticated attacks,” PYMNTS wrote earlier this week. “To protect critical assets and maintain operational integrity, organizations must blend established best practices with innovative, emerging security solutions.”
In interviews for the “What’s Next in Payments” series, executives stressed to PYMNTS the same: General best practices should be coupled with emerging security solutions.
A multilayered security strategy, also known as defense in depth, is crucial for reducing risks at various levels. This approach means implementing multiple defensive measures across the enterprise network.
David Drossman, chief information security officer at The Clearing House, described it to PYMNTS as building a “labyrinth of control” to offset damage even if one layer fails. Segmentation is critical, especially in separating employee networks from sensitive areas to minimize the risk of internal breaches.
“You may not have realized it yet, but they’re going to hit you,” Amount director of product management Garrett Laird told PYMNTS, adding, “the fraudsters are jerks — and they like to hit you on holidays and on weekends, at two in the morning.”
link