Year 2018 rated as another year of ‘Breach Madness’ with the number of network breaches in the first half of the year outpacing the entire year of 2017.
As consumers, we should be very concerned with this rise in cyber crime. Moreover, if you break down the breaches, cyber-criminals are expanding their strategy by breaking into businesses with less protection mechanisms, but still accessing a wealth of meta-data like personal information, credit cards, social security numbers, etc. Keeping this in mind we shouldn’t develop a “numbness” to these breaches. They are a real danger to our digital existence. We as consumers and all network administrators should be proactively practicing security safeguards and analyzing our digital existence on a regular basis.
If we take a look at some of the breaches from 2018, you will see the cyber-criminal community changing their hacking strategies by attacking not only high profile companies to obtain sensitive data, but mom-and-pop shops as well. In particular, more data is being exfiltrated from smaller companies than ever before.
In the retail space, Macy’s confirmed that a portion of customers shopping on Macys.com and Bloomingdales.com during a time period from April 26th to around June 12th could of had their personal information along with credit card details exposed. Macy’s did not disclose exactly how much personal data was exposed or how many customers were affected.
Adidas, Sears, Best Buy, Saks Fifth Avenue, Whole Foods, and Under Armour were among other retailers with Breaches for 2018. Under Armour’s health and fitness tracking app MyFitnessPal was breached with roughly affecting 150 million users personal information.
Retailers are not alone. In the restaurant space, Panera Bread disclosed a breach in April 2018 leaking customers’ records in plaintext. It is believed to of affected as high as 37 million customers.
Applebee’s stores owned by RMH Franchise Holdings were breached affecting their payment card systems. This included 167 restaurants in Alabama, Arizona, Florida, Illinois, Indiana, Kansas, Kentucky, Missouri, Mississippi, Nebraska, Ohio, Pennsylvania, Texas and Wyoming. The breach involved data like names, credit or debit card numbers, expiration dates and even card verification codes.
Universities and school districts have also been targeted throughout 2018. In particular, Iranian sponsored hacker groups were indicted in hundreds of universities attacks and millions of personal data records being exfiltrated. This area of attack focus has been around for many years but until recently has not been highly vocalized to the public. Another education industry example is the phishing attack on the California San Diego Unified School District that led to data exfiltration of more than 500,000 individuals social security numbers, first and last names of students and staff members, as well as date of birth, address information, phone numbers, benefits, login information and a multitude of other detailed data about the individuals. With this type of information in the wrong hands, the digital existence of these individuals is at high risk.
The above breach instances are just a fraction of the breaches from 2018, yet demonstrate the possibility that your digital existence has been or can be compromised. From these examples, it is not a matter of “if” your personal data becomes compromised, but a matter of “when”. This is our new digital landscape that we have to personally deal in 2019 and beyond.
For more information about SecOps Cyber Institute, visit www.SecOpsCyberInstitute.com.