Tag Archives: Data breach

Survey Shows Data Breaches Lead to Poor Customer Retention

Data breaches are a common occurrence, with organizations large and small falling victim to online attackers. The impact of a data breach is not just the economic loss of data; a breach also leads to the loss of customer loyalty as well.

Ping Identity recently released the results of its 2018 Consumer Survey: Attitudes and Behavior in a Post-Breach Era, unveiling consumer sentiments and behaviors toward security and brands impacted by data breaches.

Survey Results

The collected data highlights the importance of protecting customer data, with the survey finding that 78 percent of respondents would stop engaging with a brand online after a data breach. Continue reading Survey Shows Data Breaches Lead to Poor Customer Retention

Cathay Pacific Airline Breach Affects 9.4 Million Customers

Hong Kong-based Cathay Pacific airline recently announced that its computer systems were compromised. The data breach was detected in March and compromised the personal data of roughly 9.4 million passengers. The exact attack vector is unknown.

Airline’s Response

Cathay, who is currently investigating the incident, confirmed information such as phone numbers, dates of birth, passport numbers, and frequent flier numbers were exposed. Additionally, the airline added that 27 credit card numbers had also been acquired in the breach.

“We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures,” said the airline’s chief executive, Rupert Hogg. Continue reading Cathay Pacific Airline Breach Affects 9.4 Million Customers

Dissecting 2018’s Mid-Year Data Breach Statistics

After the first six months of 2018, 4.5 billion data records have already been compromised according to a recent report. Data breaches have affected businesses large and small, from Adidas (two million records compromised) to Facebook (up to two billion accounts affected) to municipal airports and accounting firms, and 2018 has already seen more than its fair share of massive global data breaches.

The Gemalto Report

Digital security specialist Gemalto revealed in a new report that 945 data breaches led to a staggering 4.5 billion data records being compromised worldwide in the first half of 2018.

Although the total number of breaches were down from the same period the year before, the number of records compromised were up over 130 percent as the severity of individual incidents increased. Continue reading Dissecting 2018’s Mid-Year Data Breach Statistics

California Becomes First State to Pass IoT Security Law

California continues to pass tighter laws in the cybersecurity world.

California Governor Jerry Brown recently signed into law bill No. 327 which requires connected device manufacturers to include “reasonable” security features for those devices sold in California. With passage of this new law, California becomes the first state in the nation to adopt such legislation.

What the Law Requires

Beginning on January 1, 2020, the law will require a manufacturer of a connected device to equip the device with reasonable security features that are “appropriate to the nature and function of the device” and appropriate to the type of information collected by the device. It also mandates that any maker of an Internet-connected, or “smart” device ensures the device has “reasonable” security features that “protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.” Continue reading California Becomes First State to Pass IoT Security Law

Uber Settles Data Breach Investigation for $148 Million

On September 26th, Uber agreed to pay a record $148 million to settle allegations that the company intentionally concealed a major data breach in 2016.

The settlement ends a multistate investigation that found the ride-hailing company paid hackers $100,000 to conceal the breach, which exposed the names, email addresses, and cellphone numbers of 57 million users.

Uber failed to notify the 57 million individuals of the data breach and only provided public notice of the breach a year after it happened in late 2016.

Uber’s Response

Uber said in a November 2017 statement from CEO Dara Khosrowshahi that the breach was carried out by two hackers outside the company. The hackers accessed user data on a third-party, cloud-based service the company uses to store information. The hackers, however, were not able to download users’ Social Security numbers, bank account information, credit card numbers, dates of birth, and trip history, according to the company. Continue reading Uber Settles Data Breach Investigation for $148 Million

Air Canada – The Latest Company Compromised by Data Breach

Air Canada, the largest airline of Canada by fleet size and passengers carried, has reported a massive data breach of its app, putting thousands of passenger passport details, among other personal information, at risk.

Air Canada’s Response

The airline issued a warning to mobile app users that their personal data may have been compromised in a cyberattack. This may placs those who entered their details at risk of identity theft. It is believed approximately 20,000 customers may have had their data stolen. All Air Canada app users have been asked to change their passwords.

Profile data, such as names, email addresses, passport numbers, genders and dates of birth, among others, can all be stored in the airline’s app – making this stored data a potential target in the attack. Continue reading Air Canada – The Latest Company Compromised by Data Breach

Over 2 Million Customers Affected by T-Mobile Data Breach

T-Mobile is warning customers of a data breach that occurred in late August 2018. The company reported to Motherboard that hackers stole the personal data of over 2 million people during the incident.

T-Mobile’s Response

T-Mobile released an official statement saying it quickly shut down a cyberattack on their database, but the incident may have exposed the personal data of 2.3 million of its 77 million customers, or slightly less than 3% of customers.

“We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access,” T-Mobile said. “We truly regret that this incident occurred and are so sorry for any inconvenience this has caused you. None of your financial data – including credit card information – or Social Security numbers were involved, and no passwords were compromised.” Continue reading Over 2 Million Customers Affected by T-Mobile Data Breach

Encryption: Combating the Growing Threat of Data Breaches

Data breaches happen all the time, simply look to the headlines and you’ll find multiple examples of corporations struggling to protect their data. From Target and Equifax to Anthem – all these organizations have fallen victim to some form of data breach usually affecting customer data. Yes, many (most) of us have received a breach notification letter or, at the very least, know someone who has.

Every state in the U.S. now has a data breach notification law. This trend is a signal to organizations conducting business in the U.S. that they should start taking the necessary actions to protect the personal identifying information (PII) of their customers, clients and employees.

Encryption

One of the best ways to protect PII is through encryption; an algorithmic process which transforms readable data into unreadable data and that requires a confidential process/key to make the data readable again. An encryption key is a string of bits used to scramble and unscramble data, essentially unlocking the information and turning it back to readable data.  Continue reading Encryption: Combating the Growing Threat of Data Breaches

Ticketmaster UK Discloses Third-Party Data Breach

Ticketmaster UK notified thousands of customers, roughly five percent of its entire customer base, that they may be at risk of credit card fraud due to malware found in a third-party customer support service. Ticketmaster UK customers who bought a concert, theater, or sporting event ticket between February 2018 and June 23, 2018 may have been affected.

The Breach

The breach didn’t occur at Ticketmaster itself. Rather, the breach occurred at Inbenta, a third-party provider of AI-powered live chat widgets, through the use of malicious code delivered through the Inbenta live chat widget. The malicious code collected Ticketmaster customer data such as names, addresses, email addresses, telephone numbers, payment details, and Ticketmaster login details.

Continue reading Ticketmaster UK Discloses Third-Party Data Breach

One in Four Cloud Users Have Had Data Stolen

Questions over data security haven’t slowed organizations from storing private or sensitive data in the public cloud. Indeed, 97 percent of IT professionals are using a cloud service. However, a new survey by McAfee shows that roughly one in four organizations using the public cloud has experienced some form of data theft.

Despite the risks, cloud storage is continuing to surge in popularity and usage will likely continue to grow.

Diving into the Numbers

The McAfee survey questioned over 1,400 tech industry professionals. Let’s look at some of the survey results.

A clear majority of those surveyed, some 83 percent, said that they store sensitive organizational data in the public cloud, while only 69 percent of respondents trust that the public cloud can keep that data secure. Of that data, the most common information stored on the public cloud is customer personal information – with 61 percent of respondents storing this type of stored data in the public cloud.

The McAfee survey indicates that there are signs some organizations are moving forward with caution as indicated by a drop in the percentage of organizations taking a “cloud first” approach to data storage – down to 65 percent this year from 82 percent the year before. Continue reading One in Four Cloud Users Have Had Data Stolen