New NYC Crackdown Targets Repeat Shoplifters Terrorizing Businesses
Queens DA, NYPD using new tactic to stop repeat shoplifters terrorizing NYC shops
Shoplifters in Queens may now also get slapped with trespassing notices as part of a new law enforcement initiative that aims to crack down on repeat offenders terrorizing local businesses.

The "innovative" initiative - dubbed the Merchants Business Improvement Program - allows business owners to get restraining orders against suspects who repeatedly come into their stores and steal or harass workers, officials said Tuesday.

"With the high rate of retail theft we are seeing throughout the city, it is absolutely essential that we keep fighting back," Queens District Attorney Melinda Katz said in statement announcing the borough-wide expansion of the pilot program.

"We are not going to allow a small group of individuals to terrorize shop keepers, their employees and customers and to disrupt our local economy," Katz said, adding, "We will not allow that to happen, because when our local businesses thrive, our communities thrive."

Shoplifting has surged in the Big Apple over the last few years - with businesses in Queens being hit particularly hard. Officials believe the additional trespass charge will deter shoplifters from targetting the same stores repeatedly.

"The challenge is it's a crime driven by recidivism," Chief of Crime Control Strategies Michael Lipetri said. "This year, 350 unique people account for 30% of all our shoplifting arrests."

The pilot program launched in June 2021 in three NYPD precincts in Jamaica, Flushing and Astoria, with a total 142 stores signing up. Since then, 83 sticky-fingered suspects were formally told they'd be arrested for trespassing if they returned to a store - five of whom were then busted for violating the orders of protection, the DA's office said.

Lipetri said that while shoplifting remains a serious problem, some progress has been made. Cops have seen a 5% dip in shoplifting complaints this year, along with a 20% uptick in arrests, according to NYPD data. nypost.com


Video Surveillance Requirements at C-Stores & Gas Stations Are Growing
Being the #1 location for violent retail fatalities CCTV's should be a requirement

Atlanta to require surveillance cameras at all service stations & 24 Hour C-Stores
The city said this legislation is aimed at "reducing the number of car theft incidents and violence" at service stations throughout Atlanta.

Atlanta City Council members passed new video surveillance requirements for gas stations which, residents say, are a hotbed for criminal activity.

Before a three week hiatus, Council member Andrea Boone introduced a resolution that mandates that gas stations and convenience stores install high-definition cameras at gas pumps that run 24 hours a day, 7 days a week.

The new surveillance requirements will impact more than 250 businesses within the city limits. The legislation passed on Monday unanimously.

DeKalb County recently began enforcing similar, but much more expansive, requirements in an effort to deter crime there. securityinfowatch.com


Flash-Mob Robberies Surge Across Southern California
'Retail robberies, burglaries and thefts are the highest they've been since at least 2010'

SoCal law enforcement, business owners looking for ways to prevent wave of flash-mob robberies
Dozens of masked suspects have run out of stores in Century City, Canoga Park, Glendale and other Southern California communities with armfuls of stolen merchandise, sometimes worth hundreds of thousands of dollars. In one recent hit, roughly 30 people stole more than $300,000 in merchandise from the Westfield Topanga mall on Saturday.

LAPD data shows last year, only about a quarter of such robberies led to an arrest. Leaders in the law enforcement and business communities are saying enough is enough. "We've gotta get our elected officials to change some laws, enforce the laws we have and hold people accountable - especially these criminals that are doing it over and over again," said developer Rick Caruso, owner of the Grove and other SoCal retail centers.

"I cringe when I see these national stories about California because that's not what we're about," said Rachel Michelin, president of the California Retailers Association. "These aren't the values of the people who live in California. All we want to do as retailers is safely be able to operate our stores."

An ABC7 analysis of retail robberies, burglaries and thefts reported by the LAPD show these types of crimes over the last 12 months are the highest they've been since at least 2010. Los Angeles County Sheriff Robert Luna is exploring crime centers, to help the response time.

But leaders are divided over what to do when the thieves are actually caught. Efforts to amend California's shoplifting and petty theft laws have failed. LA County has reinstated zero-bail for nonviolent, low-level offenses. But on Monday, District Attorney George Gascón said these crimes go beyond that.

"We view them as organized crime, and we will use every tool available under the law when there is an arrest made to make sure that these individuals are held accountable," Gascón said. abc7.com


How much is all this shoplifting costing us?

Female Retail CEOs Increasingly Being Replaced by Men
'Industry observers see a loss in gender representation'

In Retail's Top Echelons, Female C.E.O.s Lose a Bit of Ground

Several prominent companies, like the Gap and Kohl's, have recently replaced female leaders with men. Industry observers see a loss in gender representation.

At the start of this year, a slew of major retailers were searching for the right person to fill their chief executive roles. Most of those companies have now found that person - and in almost every case it was a man.

In recent months, major retailers like Gap, Stitch Fix, Victoria's Secret, Kohl's, the Vitamin Shoppe and the RealReal have appointed men to chief executive positions previously held by women. Others like Macy's, VF Corp (which owns the North Face and Timberland) and the Italian denim brand Diesel replaced men with men at the top.

And then there's Bed Bath & Beyond. Sue Gove was chief executive of the home-goods retailer before it filed for bankruptcy in April. The company has since been revived by Overstock.com, which bought the bankrupt retailer's intellectual property and assumed its name. This month, Overstock's top executive, Jonathan Johnson, became chief executive of Bed Bath & Beyond.

In general, it is rare for a female chief executive to be succeeded by another woman regardless of the industry, according to an analysis by Catalyst, which works with hundreds of companies to advance the careers of women.

While the number of female chief executives had been trending upward in recent years, nearly 90 percent of Fortune 500 companies are run by men. Of the 86 retail companies in the Fortune 1000, 13 had a woman as chief executive as of July 2023, down slightly from the year before, according to the executive recruiting firm Heidrick & Struggles. Retail executives have long been quick to note that purchases are largely driven by women, who make most of the spending decisions for their households. The majority of the industry's entry-level work force is also female. Seventy-two percent of cashiers are women, and about half of retail salespersons are women, according to data from the Bureau of Labor Statistics.

The underrepresentation of women in retail C-suite roles "is more pronounced because it's building off of a female base, which should generate theoretically through the ranks more executive leadership," said Kathy Gersch, the chief commercial officer at Kotter International, which helps large companies train potential leaders. "But we're not seeing some of that happen."  nytimes.com


Corporate Governance - Compliance - Risk Management Issues at Discover
Discover Acknowledges it's Been Overcharging Merchants for Years - Pres. & CEO Resigns
During an earnings call in July, the company revealed it was facing a possible FDIC consent order in connection with consumer compliance issues, while also acknowledging it had been overcharging merchants for years.

"Beginning around mid-2007, we incorrectly classified certain card accounts into our highest merchant and merchant-acquiring pricing tier," Hochschild said at the time.

The company said that it was in talks with its regulators on this matter, as well as about corporate governance and risk management, and was pausing its share repurchasing program while that work was underway.

"The Board is continuously focused on Discover reaching its full potential across the business, including our commitment to enhancing compliance, risk management and corporate governance."

The credit card provider announced the leadership change late Monday (Aug. 14), weeks after the company revealed it was the subject of a possible action by the Federal Deposit Insurance Corp. (FDIC).

"Additional supervisory actions could occur." Editor's Note: they're stating $365M in liabilities in July's earnings release. pymnts.com


Turning Down the Heat on 13,500 U.S. Franchise Restaurants
McDonald's makes some changes in its franchisee inspections

McDonald's is making some changes in an inspections program that ignited a year-long uprising among the chain's U.S. franchisees.

In a memo to operators late last month, said that it would modify the program, known as PACE or Performance and Customer Excellence program.

The company said it would temporarily stop inspections on Sundays, for instance, and will not evaluate equipment issued by supply chain delays. McDonald's is also planning to simplify processes to fix problems found in previous inspections-and will give operators a 48-hour notice via email before follow-up visits.

David Bear, chairman of the National Owners Association, a group of independent operators that has been vocal in its opposition to the inspections, called the changes an "improvement" in a speech at the organization's annual meeting last week.

But, he said, "They simply don't go far enough. There's more work to be done." Specifically, he said the inspections are too frequent and said the "cycle" of assessments should be extended from every 12 months to every 18 to 24 months. restaurantbusinessonline.com


Retail sales roar in July as American consumer beats expectations again
Retail sales rose solidly last month in a sign that consumers are still spending freely
NEW YORK - Americans increased their purchases at retailers last month - for clothing, dining out, online goods and other areas - in a sign that solid consumer spending is still powering a resilient U.S. economy.

Retail sales rose a better-than-expected 0.7% in July from June, according to the Commerce Department's report Tuesday. The gain was higher than a revised 0.3% increase the previous month and marked four straight months of increases. The figure also surpassed the 0.2% increase in consumer prices last month, indicating that shoppers are spending at a healthy pace.

Analysts noted that spending on Amazon Prime Day, the online juggernaut's big two-day sales event that took place earlier last month, also helped boost online sales.

Excluding autos and gas, sales rose a solid 1%. A closely watched category of retail sales that excludes auto dealers, gas stations and building materials and feeds into the gross domestic product jumped 1% last month compared to the prior month, the biggest move in six months, analysts said.

Department stores posted a 0.9% increase, while clothing and accessories stores had a 1% gain. Sales at sporting goods stores and hobby stores rose 1.5%. At restaurants, sales rose 1.4%, while online sales increased 1.9%.

But furniture and home furnishings stores and electronics stores remained weak, registering declines. fortune.com

   RELATED: NRF Statement on Strong July Retail Sales


'Safety Hazard': Target Employee Confronts Flash Mob
Target employee called 'racist' for calling cops on 'flash mob' that tried to film dance video in store
A wannabe pop star is receiving backlash online after she labeled a Target employee as a "racist" for calling the police on her "flash mob" that showed up uninvited to a store and began filming a dance video.

In the video, Baby Storme, who lists Los Angeles as her hometown on social media, and about a dozen other people dressed in goth-inspired costumes begin a slow dance as they walk through an aisle at a Target, whose exact location could not be determined.

As the large group of mostly women dance to the song, a store employee is seen blocking the camera's view in an apparent attempt to stop the spectacle. The video then cuts to a store employee telling the group that they were posing a "safety hazard" - prompting cries of protest from the dancers.
 
Towards the end of the clip, the large group is seen leaving the store. nypost.com


400 Stores Across 5 States
Aldi to acquire Winn-Dixie and Harvey's Supermarket

The deal for approximately 400 grocery stores across five Southeastern states continues the discount grocer's aggressive growth trajectory.

Aldi announced Wednesday that it has agreed to acquire Winn-Dixie and Harveys Supermarket from Southeastern Grocers as that company continues to divest its various grocery assets.

The deal includes approximately 400 Winn-Dixie and Harveys locations in Alabama, Florida, Georgia, Louisiana and Mississippi. The transaction is expected to close in the first half of 2024, subject to regulatory approval and other closing conditions.

The deal continues Aldi's aggressive growth trajectory over the past several years and marks its largest acquisition so far in the U.S. The discount grocer plans to evaluate whether or not to rebrand locations to the Aldi name. "For those stores we do not convert, our intention is that these continue to operate as Winn-Dixie and Harveys Supermarket stores," Aldi CEO Jason Hart said in a statement. grocerydive.com


New Jersey orders the closure of 27 Boston Market restaurants
The state's Department of Labor fined the company $2.6 million in unpaid wages, liquidated damages and administrative penalties. It is the latest in a series of setbacks for the collapsing chain.

The NRF's 2023 Hot 25 Retailers List

Yum Brands CFO Has a Plan for 100% Digital Transactions

Trader Joe's confirms its stores will never include self-checkout

Casey's to Acquire 63 C-stores From EG America


Quarterly Results

Target Q2 store comp's up 1.3%, digital comp's up 9%, comp sales up 2.6%

TJX Q2 comp's up 6%, net sales up 8%
 

Senior LP & AP Jobs Market

VP, Information Systems Security and Compliance (CISO) job posted for C&S Wholesale Grocers, Inc. in Keene, NH
As a Vice President, IS Security and Compliance you will be responsible for successfully implementing and maintaining security operations and security compliance policies, procedures and audit programs. This role is responsible for implementing and maintaining the installation of all security related applications, processes, and procedures and, communicating company policies related to information security. careers.cswg.com
 

Fighting Sophisticated Phishing Attacks
As Phishing Gets Even Sneakier, Browser Security Needs to Step Up

Perception Point's Din Serussi says browser extensions can help mitigate more sophisticated phishing techniques.

Phishing attacks are moving beyond conventional efforts and require more sophisticated detection capabilities.

That's because modern types of phishing are harder to detect, especially as employees work remotely and are harder to protect, noted Din Serussi, incident response group manager at Perception Point, in his talk at Black Hat USA this week. If that sounds alarmist, consider that 91% of cyberattacks begin with a phishing email.

While it once took an attacker time to create a phishing template, Serussi said AI can now generate a phishing template in 30 seconds with the malicious URL and a malicious file automatically embedded.

Some of the Phishy Ways

Serussi listed a number of modern phishing tactics used by attackers. These included using Cyrillic alphabet characters in a URL to disguise the malicious link the attacker pushes to their would-be victim. "To the human eye, it actually looks like a normal text, right? If we copy and paste it to the command line, we can see the suspicious spaces between the different letters and if we are going to break down the unicode, we can see how the hackers are actually managing to manipulate us," he said.


Another tactic is "browser within a browser," where an attacker uses HTML and CSS code, so a browser tab or pop-up is opened within your browser, often with "https" in the URL to gain the user's confidence. While these do not come with an option to download malware, they can collect personal and credit card information as they look genuine. Serussi said security software with visual analytics will head off this browser-in-a-browser attack.

Fixing the Issue

Serussi said there is a new approach for addressing in-browser security issues: browser extensions that offer detection capabilities. He said the first step is to have 100% dynamic scanning so that "when you are moving the detections from email to the Web browser, you are able to detect the malicious behavior." darkreading.com


Abandoned Websites Are Easy Targets For Phishers
Phishing Operators Make Ready Use of Abandoned Websites for Bait

Abandoned sites - like Wordpress - are easy to break into, offer a legitimate looking cover, and can remain active for longer than average.

Attackers are increasingly targeting abandoned and barely maintained websites for hosting phishing pages, according to a new study from Kaspersky. In many cases, phishers' focus is on WordPress sites because of the sheer number of known vulnerabilities in the widely used content management system and its numerous plug-ins.

Long neglected domains are also attractive for attackers because phishing pages can remain active on them for a long period as well. This can be especially significant for attackers given the relatively brief lifecycle of phishing pages in general. In December 2021, Kaspersky released a report that summarized its analysis of the lifecycle of phishing pages. The study showed that 33% of phishing pages became inactive within a single day of going live. Of the 5,307 phishing pages that Kaspersky researchers analyzed for the study, 1,784 stopped working after the first day, with many becoming inactive in just the first few hours. Half of all pages in the study ceased to exist after 94 hours.

For threat actors, the task of breaking into abandoned and barely maintained websites is often simple because of the security holes that exist in the environment. Just last year, researchers and vendors disclosed a total of 2,370 vulnerabilities in WordPress and plugins. The most common of these include cross-site scripting, authorization bypass, SQL injection, and information disclosure.

Kaspersky found that typically, when an attacker breaks into a WordPress site via a vulnerability, they upload a WSO Web shell, which is a malicious shell script that allows attackers complete remote control over the website. The attackers then use the Web shell to break into the compromised website's admin panel and start putting fake pages on it. They also use the control panel to store credentials, bank card data, and other sensitive information that a user might be tricked into entering on the website. When an attacker leaves access to the control panel open, anyone on the Internet can then get access to the data, Kaspersky said. darkreading.com


Surging Demand for Cyber Professionals
Why cybersecurity is a blue-collar job
Cybersecurity has witnessed exponential growth in recent years, fueled by the increasing sophistication of cyber threats. As the demand for skilled professionals continues to surge, traditional approaches to education and job requirements are being challenged.

Programs like CyberPatriot provide meaningful opportunities to connect with high school students interested in cybersecurity, allowing for mentorship and guidance at an early stage. Unfortunately, the current education system often pushes students toward a collegiate environment without exposing them to vocational education paths that can be completed in less time and at a lower cost.

For students with a clear interest in specific cybersecurity verticals, industry-relevant certification paths can be viable alternatives to traditional college routes. Specialized certifications like OSCP, SOC Analyst Training, and GIAC cater to the specific interests of students, allowing them to tailor their educational and certification paths accordingly. helpnetsecurity.com


How disjoined threat intelligence limits companies - and what to do about it

There's no shortage of research on attackers, but for many CISOs, turning those insights into action is a difficult endeavor.

Threat intelligence is more abundant than ever. The information defenders can use to hunt, prepare for and counter potential threats isn't hard to find, but it is fragmented.

On the public side, the Cybersecurity and Infrastructure Security Agency and other federal agencies regularly release advisories to alert organizations to malicious activity. Privately, and at a cost, threat intelligence firms publish thousands of pages of data and analysis on the most common and unique threats every month.

CISOs and security practitioners are left to make sense of it all - crowdsourcing intelligence from research firms and cybersecurity authorities. Turning those disjoined insights into actions that bear results isn't an easy endeavor. cybersecuritydive.com


Introducing the NIST Cybersecurity Framework 2.0 Reference Tool!
Today, NIST is officially unveiling our new Cybersecurity Framework (CSF) 2.0 Reference Tool. This resource allows users to explore the Draft CSF 2.0 Core (Functions, Categories, Subcategories, Implementation Examples) and offers human and machine-readable versions of the draft Core (in both JSON and Excel formats). Currently, the tool allows users to view and export portions of the Core using key search terms. This tool will ultimately enable users to create their own version of the CSF 2.0 Core with selected Informative References and will provide a simple and streamlined way for users to explore different aspects of the CSF Core.

NIST will continue to add additional features to the CSF 2.0 Reference Tool in the coming months (for example, Informative References will be added once CSF 2.0 is finalized in early 2024, which will help to show the connection between the CSF and other cybersecurity frameworks, standards, guidelines, and resources). nist.gov
 

What's New in the NIST Cybersecurity Framework 2.0

D'lberville, MS: D'Iberville Police help nab Georgia man suspected in $250,000 of T-Mobile thefts
A Georgia man is in jail after being charged with felony shoplifting in D'Iberville. D'Iberville Police Chief Shannon Nobles said 25-year-old Damani Wright of Alpharetta, Georgia, is accused of stealing merchandise from the T-Mobile store on Sangani Boulevard. His bond is set at $100,000. Nobles said the case began on July 20, when officers received a shoplifting complaint at the store. T-Mobile employees said the suspect, identified as Wright, entered wearing a hospital mask, and began cutting security tags off phones and accessories on display. About two minutes after entering the store, the suspect left with items valued at more than $15,000. Security footage captured images of the suspect, who was identified as a suspect in other T-Mobile thefts in multiple states - with the help of T-Mobile's Loss Prevention team. The vehicle Wright left in a vehicle that was linked back to one of Wright's accomplices. Wright was arrested in Gwinnett County, Georgia. A warrant was issued for Wright from D'Iberville. He also faces multiple felony charges in Georgia, North Carolina and Florida. T-Mobile estimates the total loss allegedly caused by Wright and his accomplices is valued at more than $250,000.  wbrc.com


Roseville, CA: Update: Two women arrested for $37K Sunglass Hut theft
Two Sacramento women were arrested in Roseville on July 18 in connection to a robbery in which products worth more than $37,000 were stolen from a Roseville retailer, according to the Roseville Police Department. The two 18-year-old suspects are believed to be involved in a July 11 robbery of a Roseville store on Roseville Parkway where more than 100 pairs of designer sunglasses were stolen. Police told FOX40.com that a third female involved in the robbery is not being charged as an accomplice or suspect Police told FOX40.com that the retailer provided detectives with images and detailed information about each pair of glasses that were stolen. Several days after the robbery law enforcement located sunglasses on a re-sale website that matched the description of the stolen sunglasses and that still had the tags on them. After confirming with the retailer that they were the same sunglasses, law enforcement located the stolen items and found they were still in the possession of the suspects. When the two women were located, law enforcement also found a number of other reported stolen items and were able to track them back to the retailer and confirm they were the stolen items, police told FOX40.com.  fox40.com  


Glendale, AZ: Phoenix man accused of Organized Retail Theft also suspected of stealing French Bulldog
Court documents state a Phoenix man is accused of committing multiple felonies, as a result of a Glendale Police investigation involving an organized retail theft ring. The suspect, according to the documents, was arrested on Aug. 9. Court documents identified the suspect as 32-year-old Jeramiah Jermaine Young. According to Glendale Police, the investigation that ended with Young's arrest began on July 25 as an investigation into a group of subjects accused of being involved in an organized retail theft ring. "Detectives were advised there were several shoplifting incidents the subjects had been involved in with various retail stores at the Tanger Outlet," read a portion of the court documents. Court documents state that during the course of the investigation, detectives linked Young and others to several incidents throughout the Valley. {May 4 Old Navy $1000, June 22 Old Navy $5200, July 6t Victoria's Secret $5475, July 17 Victoria's Secret $1100, July 18 Victoria's Secret $600, July 27 Dick's Sporting Goods, July 27 Dick's Sporting Goods}. While at the [hotel], detectives learned that the Tempe Police Department had been out to the same hotel earlier that morning investigating a stolen dog incident, where a French Bulldog had been stolen," read a portion of the court documents. "Detectives were advised that the suspects involved in the shoplifting incidents were suspected of stealing the French Bulldog. Detectives continued surveillance but never observed the dog during surveillance."  fox10phoenix.com


West Lafayette, IN: 5 juveniles failed in shoplifting spree at Walmart
West Lafayette police were waiting Monday night for the five suspected thieves as they came out of the West Side Walmart. Store loss prevention called police about 8:35 p.m. Monday to report that five juveniles were inside the store, putting on clothes and stuffing clothing into bags, according to West Lafayette police. Walmart's loss prevention staff believed that the juveniles planned to bolt from the store without paying for the merchandise. Sure enough, that's what they did, police said. When the five left the store without paying, West Lafayette officers were waiting, police said. Four of the juveniles - a 13-year-old boy, a 15-year-old boy, a 12-year-old girl and a 16-year-old girl - stopped when officers told them to, according to police. A 13-year-old boy, however, took off running, police said. He was soon caught. Police called the mothers of the four who stopped when ordered to by officers. They were released to their parents, police said. However, their cases will be sent to juvenile probation for possible charges on suspicion of misdemeanor theft, police said. The boy who ran was booked into juvenile detention on suspicion of misdemeanor theft and resisting law enforcement, police said.  jconline.com


Glendale, WI: Kohl's theft, police chase; man, 2 women accused
A man and two women from Milwaukee are accused of stealing from a Kohl's department store and leading police on a chase that reached speeds of nearly 90 miles per hour. The accused are 27-year-old Robert Hill, 29-year-old Lilcherry Gallion, and 18-year-old Velicity McBride. They face the following criminal counts: Felony retail theft-intentionally take >$500-$5,000 (Gallion, Hill, McBride) Vehicle operator flee/elude officer causing damage to property (Hill) Hit-and-run injury (Hill) First-degree recklessly endangering safety (Hill) Resisting an officer (Hill).  fox6now.com


Millburn: Neiman Marcus reports a $2500 theft at Short Hills Mall
Neiman Marcus reported that a man "known" for shoplifting named Naquan Fairley, age 30, from Union NJ, concealed a $2,595 Montclair jacket in a shopping bag and left the store without paying. He drove away from the mall in a silver Chevy cruise. The store and mall security gave the police with video of the theft. The incident is under investigation by the Millburn Police Detective Bureau.   tapinto.net


Irvine, CA: $700 In Clothing Stolen, 3 Arrested In Irvine Spectrum Theft