Cyber Alert Monday,Data Breach- The Cyber-criminal Spring Break party jumps off early this year, targeting favorite food spots, kids camps and more.
Dunkin’ Donuts: One of the world’s leading baked goods and coffee chains.
Exploit: Credential stuffing attack. ( A type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords (often from a Data Breach). This information is used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application).
Risk to Small Business: Severe: On February 12th, Dunkin’ Donuts announced that it suffered a credential stuffing attack back in January. This news comes just a few months after the company fell victim to a similar attack on October 31, 2018. As we’ve covered before, hackers employ credential stuffing attacks by leveraging previously leaked usernames and passwords to access user accounts. In this case, they were able to breach DD Perks rewards accounts and are putting them up for sale on Dark Web forums. Aside for the “double whammy” of two attacks within a short time-frame, loyal customers who have lost their rewards will likely bring their business elsewhere.
Individual Risk: Moderate: This Data Breach consisted of exposed accounts containing personal information such as first and last names, email addresses, 16-digit account numbers, and QR codes. Although the accounts have been put up for sale so that buyers on the Dark Web can cash out on reward points, they can also use credentials to orchestrate further cyberattacks.
Customers Impacted: 12,000.
How it Could Affect Your Business: The trend of credential stuffing is only the first wave resulting from billions of recently leaked usernames and passwords. Companies that experience similar attacks on user accounts will be held liable, regardless of whether they are the source of the breach. To protect from future attacks, businesses must team up with security providers to ensure state-of-the-art password protection and Dark Web monitoring. Source
DataCamp: Online learning platform for data science
Exploit: Unauthorized system access.
Risk to Small Business: Severe: Last Monday, the site announced that it had suffered a breach affecting users of the platform. A third-party was able to gain access to one of its systems, and the company has notified users, logged out all accounts, and reset passwords since then. Additionally, an investigation has been initiated to discover the exact cause of the breach and how many users are affected.
Individual Risk: Moderate: Personal information including names, email addresses, and optional information such as location, company, biography, education, and profile picture were exposed. This was coupled by account details containing hashed passwords, account creation dates, last sign-in dates, and IP addresses. Users should immediately reset their passwords across all associated accounts, especially if they created a complete profile on DataCamp.
Customers Impacted: To be determined.
How it Could Affect Your Business: Striking the balance between convenience and security becomes increasingly difficult during a breach incident. In this scenario, DataCamp took an added precaution by logging all users out of their accounts and requesting password resets. However, it is entirely possible that users will switch over to other platforms after being inconvenienced. To maintain a loyal customer base, companies should focus on security solutions that are not intrusive to the customer’s path to purchase. Source
Truluck’s Seafood, Steak, & Crab House: Houston-based chain restaurant
Exploit: Malware injection into point-of-sale (POS) systems.
Risk to Small Business: Severe: Truluck’s recently disclosed a Data Breach notification to one of its servers, which occurred between November 21 to December 8 of 2018. The investigation has revealed that malware was injected into POS systems of 8 restaurant locations across Austin, Houston, Naples, Southlake, and Chicago. Although payment information was compromised, personal information was not stored, which means that the company will likely deal with breach-related expenses but be able to retain customers.
Individual Risk: Severe: Compromised information included debit or credit card numbers and expiration dates. Hackers can use such details to execute payment fraud, so previous restaurant patrons should continuously review account statements and monitor credit reports.
Customers Impacted: To be determined.
How it Could Affect Your Business: The payment breach was discovered two months after it was initially conducted, signaling an opportunity for Truluck’s to implement advanced security monitoring technologies. All businesses should consider the promise of machine learning solutions, which can detect and predict suspicious activities before they inflict damage. Source.
Protect your business from a Data Breach. Contact Kobargo Technology Partners to schedule a free consultation today!