A retail company discovered a security breach after a customer reported unauthorized changes to her account. This triggered a five-month investigation ultimately revealing that unauthorized tracking technologies had been secretly siphoning customers’ personal data—including usernames, passwords, and credit card information—to a third-party broker. The breach was traced to a hidden coding vulnerability that allowed malicious actors to inject cookies and collect sensitive data undetected.
This case demonstrates how fraudsters leverage tracking technologies—such as cookies, pixels, and tags—to covertly collect personal information, often leading to identity theft and other scams. Such technologies frequently operate in the background without proper notification or consent, making detection and remediation challenging. Understanding how tracking technologies work and the risks they pose is crucial for organizations aiming to protect customer data and avoid costly breaches.
This article published in Fraud Magazine and written by BDO’s Global Privacy and Data Protection Leader Karen Schuler and U.S. Privacy and Data Protection Leader Taryn Crane explains how these technologies track data and offer best practices for investigating and mitigating unauthorized tracking.