SAN JOSE, Calif. (KGO) -- It's estimated eight out of 10 Americans have shopped online, entering sensitive personal data. Credit card numbers, passwords and addresses, for example. And that's a gold mine for cyber-criminals that hack into online sites.
San Jose's Thales eSecurity's latest research says half -- 50 percent -- of all medium and large online retailers it surveyed acknowledge they've been hacked. That's two a half times higher than a year ago. Changes in payment systems are making security more challenging.
RELATED: Investigation finds millions of smart TVs can be hacked
"Now we have mobile devices, we have digital payments, we have mobile payments, we have person-to-person payments," said Thales chief strategy officer Peter Galvin. "Because of the way those changes have occurred, there really isn't a perimeter. There's no four walls to protect."
This year alone, hackers broke into the retail sites of Adidas, Saks Fifth Avenue, and Under Amour, according to the nonprofit group Privacy Rights Clearinghouse.
The servers of those and all other retailers store sensitive data. That is leading to increased spending to encrypt that data. Or to add two-factor authentication, where a retailer will send a text message with a code to verify it's you. A single breach can cost retailers hundreds of millions of dollars and can impact customer confidence.
RELATED: How to spot fake products online
Experts point out some breaches can be minor so the hacking data should be taken with a grain of salt. Still, consumers are sensitive about their personal data. Professor Kirthi Kalyanam, director of the Retail Management Institute at Santa Clara University, had his own credit card information stolen when Target was hit by hackers.
"It makes people a lot more cautious about going back to the retailer and giving their credit card because if it happens again, then they have to go through that inconvenience again."
For more recent technology stories, photos, and video, visit this page.
Online shopping sites see hacking increase despite security efforts