Top 5 Cyberattacks During Black Friday and Thanksgiving

Thanksgiving and Black Friday are important days for retailers and consumers alike, but they’re also key dates for cybercriminals.

During these periods, the explosion of online shopping, and the rise of transaction volumes make them a prime target for cyberattacks. In this blog we look back at 5 of the major holiday attacks from years gone by and the fallout from them.

In November 2019, Macy’s became a victim of a Magecart attack just before Black Friday. Hackers injected malicious code into the company’s online payment system, allowing them to skim customers’ credit card information directly from the checkout page.

The stolen data included credit card numbers, expiration dates, and verification codes, all captured during the purchasing process. Although Macy’s did not disclose the exact number of victims, it is estimated that thousands of customers were affected.

This breach resulted in significant damage to the company’s reputation, forcing Macy’s to notify affected customers and offer identity protection services at the height of the shopping season​.

One of the most infamous Black Friday-related cyberattacks was the Target data breach, which began over the Thanksgiving weekend in 2013. Hackers infiltrated Target’s network by using stolen credentials from a third-party vendor, installing malware on the retailer’s point-of-sale (POS) systems.

This breach allowed attackers to steal 40 million credit and debit card records and 70 million additional personal records, such as customer names, addresses, and phone numbers.

The financial cost of this attack was immense, with Target settling for $18.5 million across multiple states. Over 110 million individuals were affected, making it one of the largest breaches in retail history​.

In 2016, the San Francisco Municipal Transportation Agency (MUNI) was struck by a ransomware attack during the Thanksgiving weekend.

The ransomware, known as Mamba, encrypted over 2,000 of MUNI’s systems, including its ticketing machines, which led to passengers riding for free as the agency couldn’t process fare payments.

The attackers demanded 100 Bitcoin (approximately $73,000 at the time) to decrypt the data, but MUNI refused to pay the ransom. Though no sensitive customer data was compromised, the attack severely disrupted service for over 700,000 daily passengers, resulting in significant recovery costs​.

On Black Friday in 2015, Sony’s PlayStation Network (PSN) experienced a major outage, with Lizard Squad claiming responsibility.

The attack led to significant disruptions across both the U.S. and Europe, affecting account sign-ins, online multiplayer, and new console registrations.

Many users initially believed the outage was due to the surge of Black Friday traffic, but later that day, a Twitter user, @chippyshell, who claimed to be the founder of Lizard Squad, tweeted “PSN #OFFLINE #CHIPPY #LIZARDSQUAD.”

This tweet was retweeted by Lizard Squad’s official account, boosting visibility for the group.

In 2013, around the same time as the Target breach, luxury retailer Neiman Marcus was also hacked.

Like Target, Neiman Marcus had malware installed on its POS systems, which harvested payment card data from customers who shopped during the Black Friday period.

In total, about 350,000 payment cards were compromised, with 9,200 of those cards being used fraudulently. The breach cost Neiman Marcus significant legal and recovery expenses, emphasizing the vulnerability of retailers during the holiday shopping season​.

Below is a summary table of these cyberattacks, detailing the type of attack, the number of victims involved, and the resulting damages or costs.

Each attack had its own set of consequences, ranging from financial loss and stolen customer data to widespread service disruptions.

As these attacks show, the holiday season can be a prime time for cybercriminals to strike, targeting both businesses and consumers alike.

Don’t let your company be the next victim of a costly breach. BlackFog’s advanced anti data exfiltration (ADX) technology actively prevents data theft and ransomware by stopping cybercriminals before they can execute their attacks.

Whether it’s ransomware, phishing, or insider threats, BlackFog continuously monitors for threats, ensuring your sensitive information remains secure.

Request a demo of BlackFog’s solution and take the first step toward safeguarding your business this holiday season.