It seems nearly every day brings news of another data breach, and experts predict it is only going to get worse. The most recent companies to fall victim are Delta, Best Buy, and Sears. This latest breach, however, did not target the three corporations themselves, but rather a software vendor that each of them uses for online chat services, [24]7.ai (no, that's not a typo). By compromising the vendor's infrastructure, the attackers were able to gain unauthorized access to thousands of customers' personal and payment card information without ever touching the retailers' own systems.
What Kind of Breach Was This?
Ransomware has been making headlines lately, so when you hear of a data breach it is not uncommon to assume that is what happened. Because the terms ransomware and data breach are often used interchangeably, it is important to understand the difference. The recent attack on the City of Atlanta was, by definition, a ransomware attack: the attackers exploited a weakness in the city's infrastructure, encrypted data across many of its systems, and refused to release it unless a ransom was paid. The data wasn't stolen per se; it was just unavailable. (The two categories are not mutually exclusive. If attackers copy data out before encrypting it, a ransomware incident is also a data breach, and the forensic question of whether data left the network has to be answered either way.)
In the case of the attack on [24]7.ai, which affected Delta, Best Buy, and Sears, the attackers weren't looking for a ransom. They wanted valuable data they could use or sell, so they found a way in and simply took what they wanted: a data breach.
How Many People Were Affected?
While we will likely never know exactly how many individuals' data was stolen, all three companies have tried to limit the perceived scale of the damage through individual statements:
- Delta claimed, “only a small subset of our customers have been exposed.”
- Best Buy claimed, “only a small fraction of our overall online customer population could have been caught up in this incident.”
- Sears claimed "less than 100,000 customers were impacted."
Of course, losing the data of even one customer is one customer too many. That is why it is imperative that organizations closely vet each software vendor they choose, and verify that the provider actually operates under stringent security controls rather than taking a questionnaire answer at face value.
While the statements from Delta, Best Buy, and Sears aren't surprising, what is unusual is their software vendor's delay in notifying each client. Though the incidents have only just come to light, [24]7.ai disclosed in a statement that the breach actually occurred on September 26, 2017, and that it was contained sixteen days later, on October 12. Nowhere in the statement did [24]7.ai address why it took more than five months to inform its clients. Every week of that gap was time in which affected customers' card details could be used without anyone being warned. This is why it is of the utmost importance that companies only work with vendors that take security seriously and have a solid incident response plan in place, and why vendor contracts should put a breach-notification deadline in writing instead of leaving it to the vendor's discretion.
How Can I Protect My Organization?
We've identified eight steps organizations can take to secure their data on their own:
- Ensure all customer data, and especially payment card data, is stored encrypted, with the keys managed separately from the database itself.
- Require strong, unique credentials and multi-factor authentication for every account that can reach a database holding customer information; rotate shared or service credentials whenever staff change or compromise is suspected.
- Back up systems regularly, test that the backups restore, and keep software and operating systems patched.
- Run background checks on employees handling customer data.
- Use malware detection software on servers and workstations, and review what it reports.
- Ensure firewalls are enabled and configured to deny traffic by default, allowing only what each system actually needs.
- Review incident response and disaster recovery plans with staff so they are prepared if an incident occurs.
- Educate employees to handle suspicious links and attachments with caution.
Of course, organizations don't have to handle this complicated topic on their own. Companies of all sizes are turning to Disaster Recovery as a Service (DRaaS) to let a provider handle the backup, replication, and recovery of their infrastructure, so that an incident like the ones above does not also mean a prolonged outage. DRaaS is generally easy to implement and offers access to IT experts while providing strong security, compliance, and scalability. DRaaS offerings can be confusing and vary from company to company, so it is worth comparing what each provider actually covers before choosing one. With DRaaS you can spend less time worrying about recovery and more time focusing on the big picture.