Data breaches are a growing concern and more and more sensitive information is shared through online channels and business networks.
Data breaches affect more than just banks or large corporations. Breaches become personal when they hit our social media, travel, and recreational environments, as well. It seems almost impossible to stay ahead of the growing threats, but awareness is an important first step toward proactive data protection.
Here are four of the most notable data breaches of 2018.
Given the intimate role Facebook plays in the lives of so many individuals, and the disturbing implications of its effect on global current events, news of last year’s Facebook data breach was particularly alarming. The accounts of approximately 50 million Facebook users were put at risk, allowing hackers to access personal data. Private messages and credit card data were not exposed, but information exposed included demographic details such as names, gender, and hometowns.
The vulnerability appeared after Facebook accidentally added these items in its video uploader, which, in some instances, created an access token that could be exploited by bad actors. Facebook has since fixed this error and investigations continue.
Users can help avoid being exposed to such risks by applying two-factor authentication and limiting the amount of personal information shared on the site.
In September 2018, Marriott International suffered a breach affecting nearly half a billion customers through vulnerabilities in the guest reservation database for its Starwood Hotels and Resorts International subsidiary.
In this case, names and addresses of users were compromised, as well as passport numbers. Over 300 million customers will have to apply for new passports if they wish to avoid issues of identity theft or other problems.
This breach wasn’t a sudden infiltration, but one that may have been going on for a few years – dating back to Marriott’s 2014 acquisition of Starwood. That same year, Starwood had already experienced a major credit card hack and, due to a website vulnerability, was being targeted by Dark Web hackers.
Given that hotels are interconnected with so many other businesses, it’s more important than ever that the hospitality industry take the lead in strengthening its security, perhaps setting an example for other industries.
“We are writing to let you know that we recently discovered that some user data was compromised as a result of unauthorized access to our systems by a malicious third party. We are very sorry for any concern or inconvenience this may cause. We are working rapidly to investigate the situation further and take the appropriate steps to prevent such an incident in the future.”
That notification was delivered in an e-mail to 100 million Quora users not too long after the 2018 Marriott breach. In this instance, the range of personal data compromised was much wider: names, encrypted passwords, email and IP addresses, account settings, social media links, and various forms of user-generated content. Anonymous users were fairly safe since Quora doesn’t store identity data from anonymous users. But everyone else had their accounts logged out and required a password reset.
It is thought that the attack was the result of weaknesses either in one of Quora’s web applications or through a trusted third party like a data processor.
Protections from such attacks are difficult at the user level and require an abundance of trust in the service provider to keep such attacks at bay. Quora users are being cautioned to be extra vigilant when downloading from unfamiliar links or responding to unrecognized e-mails.
Throughout mid-2018, up to 380,000 customers of British Airways may have had crucial data exposed and stolen, including not only names and addresses but also credit card numbers, expiration dates, and CVV numbers.
While the previous data breaches mentioned have numbered in the millions, the comparatively smaller number of exposed customer accounts is no less alarming given the nature of the data available to malicious hackers. It is believed that the data exposure resulted when some kind of digital skimmer accessed their flight booking system to copy data during the flight purchase process.
What do these data breaches mean for you?
Customers place a lot of faith in businesses that handle their personal data to protect that information from prying eyes. While there is an incentive for companies to keep a tight grip on security – even if only to maintain customer confidence – emerging legislative and administrative measures aim to further protect customer data with the threat of fines for companies that are careless with the systems handling sensitive information.
It is challenging to function today without using technology and putting personal and corporate data at risk. But it’s not unreasonable to expect companies to take data protection seriously and maintain some level of vigilance against the rising tide of hackers and other cybercriminals.
What can you do?
As a consumer, choose the businesses and sites you interact with carefully. Try to find out how your personal data is being used, restrict the information you share to what is absolutely necessary, and practice safe habits when downloading or interacting with suspicious links or e-mails.
As a business owner, you have a responsibility to protect your employees, your assets and your customers. So you owe it to yourself and those depending on you to educate yourself, take cybersecurity seriously and partner with experts who can help you strengthen, support and maintain your network integrity.