Last week, hackers make a sport of exploiting online gamers’ data, unauthorized database breach affect software firm, and business leaders lament today’s data landscape.

United States – Zynga 

Exploit: Unauthorized database access
Zynga: Social game development company

Risk to Small Business: 2 = Severe: Hackers gained access to the company’s database, which exposed the personally identifiable information (PII) for millions of customers. The company discovered the breach in September, and they responded by hiring an external investigator to determine the scope and severity of the breach. Unfortunately, by the time they responded, hackers uploaded user data to various hacker forums.

Individual Risk: 2.428 = Severe: The data breach applies to all users of the platform’s popular Words with Friends gaming app on Android and iOS who registered on or before September 2, 2019. In addition, some users of Draw Something, another mobile game produced by Zynga, were compromised. The exposed information includes names, email addresses, login IDs, hashed passwords, password reset tokens, phone numbers, Facebook IDs, and other Zynga account details. Since this information is already available to bad actors on the Dark Web and will be used to perpetuate additional cybercrimes, those impacted by the breach should carefully monitor their accounts while being especially watchful for other fraudulent communications.

Customers Impacted: 218,000,000

How it Could Affect Your Customers’ Business: Data security is increasingly top of mind for consumers. For companies operating in a highly competitive marketplace, it can mean the difference between keeping your customers happy while increasing revenue or losing them forever. Therefore, businesses of every size need to meet the moment by understanding their vulnerabilities, embracing best practices for cyber defense, and building a breach response action plan.

---

United States – Zendesk 

Exploit: Unauthorized database access
Zendesk: Customer service software company

Risk to Small Business: 1.888 = Severe: More than three years after the event, Zendesk acknowledged a data breach after a third party notified the customer service software company of unauthorized data access. The breach impacts Support and Chat accounts, and it includes personal data from all categories of Zendesk users, including customers, agents, and end-users. The company is resetting all passwords for users that registered before November 1, 2016. However, the platform touts many high-profile companies as clients, which means that the breach could have far-reaching repercussions for all stakeholders involved.

Individual Risk: 2.285 = Severe: The personal details of customers, agents, and end-users were compromised in the breach. This includes names, email addresses, phone numbers, passwords, and other technically-oriented data. The company is contacting all customers who could be impacted by the breach, and those affected should reset their Zendesk passwords and any redundant passwords used on other platforms.

Customers Impacted: 10,000

How it Could Affect Your Customers’ Business: When it comes to protecting customer data, speed and precision are your best friends. Unfortunately, too many companies don’t have the IT capabilities to identify a data breach or to adequately investigate an event after it happens. As a result, customer data can virtually linger indefinitely before protective action can be taken, such as changing passwords or otherwise ensuring data integrity. This incident serves as an important reminder that every business needs to enlist in services that help proactively monitor and protect customer data.

---

Canada – The National Basketball Association 

Exploit: Unauthorized database access
The National Basketball Association: Men’s professional basketball league in North America

Risk to Small Business: 2.111 = Severe: An unauthorized user accessed a server managed by the NBA for its Canadian business efforts. The league quickly identified the intrusion and took the server offline, began an investigation, and hired cybersecurity experts to make further recommendations. However, these measures can’t retroactively restore users’ data integrity, nor will it negate the reputational damage that always accompanies a privacy breach.

Individual Risk: 2.428 = Severe: The exposed user data includes names, addresses, email addresses, phone numbers, and other account-related information. Although the breach is limited to those who recently entered an online contest in Canada, this information is especially sensitive, and those impacted by the breach should take every precaution to ensure the long-term integrity of their credentials.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Digital platforms can be a great way to engage customers, but when data integrity is compromised, these initiatives can quickly become a liability. Therefore, cybersecurity needs to be the bedrock of any online engagement to ensure that such marketing efforts meet customers where they are secure, as opposed to manifesting into self-inflicted wounds on your company’s reputation and customer engagement.

---

The United Kingdom – EA Sports 

Exploit: Accidental sharing
EA Sports: Developer and publisher of sports video games

Risk to Small Business: 2 = Severe: EA Sports inadvertently leaked the personal data of 1,600 gamers who participated in a competition on the company’s website. The breach is related to the company’s FIFA 20 Global Series competition. Aside from becoming a PR nightmare for EA Sports on social media, the leak occurred just hours after the company’s announcement of new security features and promotional events related to the UK’s National Cyber Security Month. The webform was removed after thirty minutes, and the competition was temporarily canceled.

Individual Risk: 2.142 = Severe: The leaked data includes email addresses, account ID numbers, usernames, and dates of birth. Those impacted by the breach should monitor their accounts for suspicious or unusual activity.

Customers Impacted: 1,600

How it Could Affect Your Customers’ Business: Even relatively small data breaches can have a sizable impact on a company’s reputation and future earnings potential. Even apart from the bad press and media scrutiny that often accompanies a breach, customers are quick to take to social media to voice their concerns. Taken together, a data breach can quickly escalate into a PR disaster. To protect your brand’s reputation, prioritize customer data security.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

---

In Other News:

U.S. Senate Passes Ransomware Response Law 

Ransomware is making a devastating comeback in 2019, impacting SMBs, government agencies, and educational institutions with frightening regularity and at great cost. 

The scourge of attacks has been so profound that a bill governing ransomware response tactics actually elicited bipartisan support from a divisive U.S. senate.

The new legislation calls for dedicated teams tasked with providing organizations with best practice advice for protecting against and responding to ransomware attacks. These resources will be available for SMBs, government agencies, and schools, which were specifically addressed by the senate minority leader, Chuck Schumer.

The practical effects of such legislation are unclear, but the more prescient fact is that the law exists at all. It underscores the incredible need for more companies to adopt a best practice defensive posture and the chasm between those that are ready to defend themselves and those that remain vulnerable.

However, the law alone won’t solve SMBs problems. They need to understand the ways that their IT infrastructure might be vulnerable, and they need to make addressing those concerns a top priority.