With new regulations surrounding data protection fast approaching, now is an appropriate time to share some examples of recent data breaches that in future could cost companies thousands in fines. These five breaches could have been prevented using cloud-based security solutions, and are examples of where service providers like you could have stepped in to help.
Over 130,000 Finnish citizens have had their personal data compromised in what appears to be the third largest data breach ever faced by the country.
According to local media, unknown attackers managed to hack liiketoimintasuunnitelma.com to steal log in usernames and passwords, which were stored on the site in plain-text with no encryption.
Immediately after finding out about the breach, the website owners removed the affected website from use and issued a press release about the hack and the failure of security to its users. The Finnish Communications Regulatory Authority (FICORA) has also been alerting website users of the large-scale breach.
Failing to protect critical parts of its infrastructure, the popular drone dealership website, DronesForLess.co.uk, left its entire transaction databased exposed online to reveal the purchase history of thousands of police, military, government and private customers.
More than 10,000 purchase receipts including personal customer details, such as names, addresses, phone numbers and credit card details, were easily accessible through the internet due to the lack of security precautions taken by the online dealership.
Since the breach of data security was exposed, DronesForLess.co.uk has now removed the data from public view – but it’s unclear how or if the company has taken steps to ensure a similar instance does not take place in the future!
By @Jim_Finkle and Nivedita Balu
In March 2018, Under Armour Inc confirmed that data from 150 million MyFitnessPal user accounts had been compromised, in one of the biggest hacks in history.
Stolen data from the accounts included usernames, email addresses and scrambled passwords for the popular app and website.
Under Amour is now working with data security firms and law enforcement to bolster its security systems, but has not provided details on how hackers got into its network to pull the data without getting caught in the first place.
It recently unfolded that social network Facebook had improperly shared the data of up to 87 million users with political consultancy Cambridge Analytica.
This breach of personal data security was enabled by Facebook, as the social network provided the tools that allowed the political consultancy to harvest users’ information using a third-party application.
Taking responsibility for the data breach, Facebook has now blocked the facility that allowed the scraping of user profiles by third-party apps. The network is also making other changes that include stopping third-party apps seeing who is on guest list of event pages, only holding call and text history logs for one year, and prompting users to check the third-party apps they use on Facebook.
An armed forces resort, based in Germany, is currently investigating a data breach that left at least 18 guests – primarily soldiers and retirees – vulnerable.
The Armed Forces Recreation Center Edelweiss Lodge and Resort was alerted to the security issue after guests’ credit cards were misused post-stay and now claims the data breach was caused by a malicious program at one of the resort’s workstations.
The resort has now informed all guests who stayed during the suspect time-period of the situation and is guiding them through steps to protect their security and privacy.
How could a service provider like you have helped to prevent these data breaches?
All of these organisations had a breach of security that allowed customer or user information to fall into the wrong hands or be used without their agreement. But with the right security solutions, this could have been avoided.
One of the main issues for businesses, however, is the lack of in-house talent to deploy and manage internal security systems, presenting an opportunity for service providers like you.
With more organisations starting to make greater use of the cloud and outsourcing their security, you can help customers avoid security breaches with cloud-based security solutions that identify, prevent and respond to today’s sophisticated threats with speed and ease.
Become an MSP Hub member and read our eBook, to learn how you can take advantage of IBM’s comprehensive suite of intelligence cloud-based security solutions.