A flurry of hacker activity
A data breach of the marketing platform MailChimp has, in turn, led to a breach at sports betting firm FanDuel, and to a warning to users about potential phishing scams as a result. Fortunately, the total number of affected people was small. This is nevertheless another instance of a third-party vendor falling for a social engineering scheme and proving to be a weak link in a client’s defenses.
A more drastic figure is the 37 million T-Mobile customers whose accounts were compromised in a breach late last year that was revealed last week. Using an undisclosed flaw in one of the company’s Application Programming Interfaces (APIs), the hacker was able to access names, addresses, emails, service plan and other types of information. Notably, T-Mobile has given assurances that all malicious activity was contained, and insisted that its policies and systems kept the most crucial customer data safe under lock and key. One would hope for nothing less from a company that has experienced 8 known breaches since 2018. Encryption is a key component of any such policy, and at NetLib Security our Encryptionizer solution is no stranger to helping organizations achieve this.
Most recently, T-Mobile had to pay $350 million in a class action settlement, while also adding $150 million for security improvements.
Other major names continue to make waves in the security headlines: Uber, for its breach back in September that exposed sensitive employee and customer data on hacking forums; PayPal, for a credential stuffing attack that affected around 35,000 customers. Businesses of this size have the ability to weather such storms without an excessive strain on their resources. Smaller and medium-sized entities won’t find it so…well, I can’t say “easy,” even for the big companies, but without the same means, smaller organizations will find the experience exponentially more taxing.
If a company is ill-prepared, dealing with the fallout of a data breach can strain it to the breaking point. Consumer protections have proliferated to strictly enforce responsibility among data-collecting organizations. As of January 1, in fact, enforcement of the California Privacy Rights Act (CPRA) has begun, an extension of the existing California Consumer Privacy Act (CCPA). Uber’s recent breach, as an example, could very well run it afoul of the new statute.
The lesson from the ongoing bevy of breaches remains the same. With strong protective measures, such as encryption, the risks, penalties and business disruption you’ll incur from a data breach are greatly reduced. NetLib Security is a proven partner in this field, ensuring that when the bad actors get in, the valuable data is safe from their prying eyes and grubby fingers.