Now that it’s about three-quarters through the year, we’d like to go over some of 2020’s most severe data breaches.
We’ve intentionally drawn you into this article to educate you on the breaches and how they happened, and to make sure you don’t make the same mistakes in your business.
Every day, criminals are holding small businesses hostage in return for financial gain. If you are a local business owner, the chances are you know of another local company that has had a cybersecurity incident.
Don’t let the next one be you. Here are the top 3 data breaches of 2020 (so far):
1: Marriott Suffers Another Credential-Based Breach
On March 31, 2020, Marriott published an article stating: “an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.”
The actual figure: 5.2 million guest details had been stolen.
How did it happen?
The attacker gained access to a wide range of customer data, including addresses, dates of birth, and gender.
The lesson: Make sure you know where all your data is stored and what protection is in place. Who has ownership and who is responsible for controlling the access to this data? Do you have this mapped out? Start now.
2: Antheus Tecnologia
March 2020 saw a Brazilian biometric company get hacked. This resulted in 76,600 fingerprints being exposed on an unsecured server.
The server did not store the actual scan, but a binary data stream that allowed the hackers to recreate the fingerprints.
The worst part about this story is that those fingerprints are now in the public domain, and the individuals in the database may find themselves with problems in the future as biometrics become more widespread.
The lesson: Encrypt data that may be on the edge of your network. If there’s a public-facing server, it should be regularly patched and updated to the latest security standards.
3: LiveJournal
Back in the early days of blogging, millions of people took to LiveJournal to air their secrets, form communities, and write reams of fanfic. In May, many of those users had an unpleasant shock when Bleeping Computer reported that hackers were passing around a database containing 26 million login credentials.
What Data Was Exposed: The database contains email addresses, user names, and unencrypted passwords. Typically, this type of data would only have value as a tool to enable further credential stuffing attacks. However, blogging’s highly personal nature means that hackers can use private drafts and messages for blackmail.
The Lesson: Your old data practices can come back to haunt you. Storing plaintext passwords, as LiveJournal seems to have done, is a big no-no, and they should have changed their policies to keep up with best practices.
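One way to act on this lesson, shown as an added example that is not from the original article or from LiveJournal's code: migrating a legacy table of plaintext passwords to salted scrypt hashes. The user records, field names and cost parameters are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# scrypt cost parameters (assumed values for this example; tune for your hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'scrypt$<salt hex>$<hash hex>', using a fresh random salt by default."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] != "scrypt":
        return False  # anything that is not a scrypt record is rejected
    candidate = hash_password(password, bytes.fromhex(parts[1]))
    return hmac.compare_digest(candidate, stored)


def migrate_legacy_rows(rows: list) -> int:
    """Replace every plaintext 'password' field with a salted hash, in place."""
    migrated = 0
    for row in rows:
        if "password" in row:
            # pop() removes the plaintext so it is not kept alongside the hash
            row["password_hash"] = hash_password(row.pop("password"))
            migrated += 1
    return migrated


# Constructed sample data standing in for an old user table.
LEGACY_USERS = [
    {"user": "alice", "email": "alice@example.com", "password": "correct horse"},
    {"user": "bob", "email": "bob@example.com", "password": "correct horse"},
]
```

Because each record gets its own random salt, the two sample users end up with different stored values even though they chose the same password.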
The world has become a digital playground for cybercriminals. There are many vulnerabilities that you and your staff need to be aware of.
Contact us now at STGInfoTech.com for a security audit of your systems. We are open for business during COVID-19 and service West Hollywood as well as the greater Los Angeles and Orange County area. Please check out our website for up-to-date information or give us a call at (323) 761-2634. Don’t let your business be the next local headline.