Security Breaches could lead to identity theft and tarnish your brand
Posted by Minal Pithia on Mon, Jan 31, 2011
The internet landscape has changed and companies are at a far greater risk of security violations. Recent security breaches have
spurred a new threat for corporations, small organizations and government institutions. Hackers and phisher’s are now after high-profile organizations and no one is completely safe.
Let’s take a look back at 2010. The non-profit Identity Theft Resource Centre (ITRC) reported 662 US-data breaches for 2010, a 33% increase from 2009.
- 62% of the reported incidents involved the loss of Social Security data
- 26% of the breaches involved payment card information
2010 ended with a number of high profile data breaches which affected three well known companies— McDonald’s, Honda and Gawker Media.
- McDonald’s lost thousands of customers’ details when its third-party database firm was discovered to have been hacked. A hacker got hands on customer names, phone numbers, birth dates, street and email addresses. It has been reported that the third-party email marketing service is also affiliated with other organizations that may have been affected by the breach. McDonald’s also disclosed that the breach did not include social security numbers, credit card accounts or any financial information (Reuters).
- American Honda contacted 2.2 million customers after hackers stole a database of customer names, email addresses and vehicle identification numbers. According to a report by the Columbus Dispatch the data was stolen from a third-party company who sent out "Welcome" emails to customers who created accounts with the firm (Sophos). This is a major concern as such sensitive customer information could be used by phishers and spammers for sending out emails with malicious attachments and scams that could lead to identity theft.
- Gawker Media group were also breached by hackers who stole the usernames and passwords of more than 1.5 million people. Later, it was also reported that a Twitter scam posting 10, 000 tweets a minute, which came from people who registered with Gawker Media and used the same password for their Twitter accounts. In addition, Gawker Media’s owner and employee data were also published online. With that said, we can see how this could lead to spear phishing attacks and users losing trust in the organization. No matter how small or big your organization, it is essential to have a mitigation plan in place.
Most importantly, take care of the customers’ data that you store and also have your partners and third-party vendors follow strict guidelines and best practices. It is vital for companies to invest in an incident response plan as it doesn’t take long to have situations like this get out of control. Organizations with a mitigation plan in place will cope with the situation in a more coherent way, as communication both internally and externally will be managed quickly and efficiently, thereby protecting the reputation of the organization and preventing future security breaches.
Be one step ahead! Before the media and competitors get more vocal, understand the risk, invest in a mitigation plan and protect your company and customers.