There is not a week that goes by when we don’t hear about another security breach on a large corporation or enterprise. Millions of personal details have been stolen and guess what? It is highly likely that your name is on the list. What can we learn about these breaches for our own business?
Well in this post I am going to go into the details on the biggest breaches of 2018, how they happened and how to protect your business against the same form of attack.
As a bonus, I’m going to tell you all about the cool tool that you can check to see if your details have been stolen.
Number 3: Exactis
You’ve probably never heard of this firm. I know I hadn’t. They are a marketing company that does data aggregation. Three hundred forty million records breached. This happened back in June of 2018.
A security expert spotted an open database on one of their public servers. Whilst the data was not hacked; it was just sitting there waiting to be found.
How do you protect your business from this type of scenario? Make sure you know where your data is stored and who has access. Implement a policy on any new IT infrastructure or cloud services that are being installed in the business and have some form of auditing on where data is located.
Number 2: Marriott Hotels
I’m sure you’ve stayed at one of the Marriott group hotels in the past. These include:
- St. Regis
- The Luxury Collection
- W Hotels
- Le Meridien
- Tribute Portfolio
- Design Hotels
- Four Points
Five hundred million customer records were breached between 2014 and September 2018. These were ongoing independent hacks over a prolonged period. It is surprising it was not spotted sooner. What can we learn from these type of attacks?
Make sure your IT security can scale with the size of your business and the systems you have. Marriot had both web portals, point of sale machines and internal databases hacked. Anytime you add a new system into your Technology stack there posses a security risk. Make sure you include all systems in an IT security audit.
Number 1: Aadhar
in conclusion, again this may not be an organisation you have heard of, but it’s a government agency based in India. 1.1 billion Indian residents personal details were breached including their social security number (ID number). This happened back in March 2018. It turns out their database system was running what’s known as an API – this is just a way for two different systems to speak to each other. Anyway, the API was not secure, and data was being leaked to outside sources.
What can we learn here? Well, there are a lot of these API’s in use, and if you are using any services that hook into products like Office365 or G-Suite, then an API is may be in use. Make sure any services that you might sign up with that use an API that speaks to one of your other business systems is secure and legitimate. The best way to check is by asking us.
As promised we have a bonus – the above companies mentioned are only the top 3 of 2018 – there are many more.
You can check to see if your personal or business account has been hacked by using this free tool here.
This tool checks your company email address or personal address against a database of information that is actively being sold for profit on the dark web. If you have had an account breached or would like to secure your IT systems, then please click here to email Dale.