Payment data or addresses of the online store customer base end up in the hands of third parties, are published, resold on the darknet, misused for phishing attacks or offered for repurchase by blackmailers. The most common reasons for data leaks from online stores are configuration errors, cloud and server vulnerabilities, and targeted hacker attacks.
- The customers of the online store suffer irreversible damage as a result, for which the online store can be sued individually or multiple times for damages.
- In addition to legal consequences and liability, the affected online store loses the trust of customers due to security deficiencies.
- Customer confidence due to security flaws.
- Duty to report to data protection authorities and publish the incident.
- Affected online stores must be taken offline for several days and sales are at a standstill until the root cause determination and the elimination of the data leak are completed.
- The process of ex-post analysis is further complicated with inadequate monitoring solution and logging in case of hacker attacks as intruders make high efforts to cover their own tracks and place backdoors for future attacks.
- In the event of damage come in addition to penalties for data protection violations, claims for damages still high expenses for forensics and testing for backdoors and rootkits required before the online store may be put back into operation.