July 31, 2019//Ellen Neveux
The lowdown on keeping your data secure: Select Restaurant, PG&E, LabCorp, Quest Diagnostics, and Capital One
The past few years have been filled with data breaches, cyberattacks, and unauthorized access. With all of these cyberattacks happening, it makes it feel like a new company falls victim each day.
In 2017, Select Restaurants left customers’ sensitive information – including name, card number, expiration date, and CVV– on the table. The company, which manages 12 seafood restaurants across the US, was alerted to the hack by their point of sale (POS) vendor. Further investigation showed a data breach across all of the restaurant locations, stemming from a third-party network intrusion. According to Upserve’s comprehensive list of compromised restaurants cyberattacks on POS systems and vendors are quite common in the restaurant industry because these systems aren’t as secure as they could, or should, be.
In early 2018, an unnamed utility company was fined $2.7 million for leaving 30,000 records about its information security assets exposed online for 70 days back in 2016. Just this week, it was released that this company was Pacific Gas & Electric Company (PG&E). According to Data Breach Today, this breach happened after a third-party contractor had improperly copied data from the utility network to their own network.
In June of 2019, both LabCorp and Quest Diagnostics experienced third-party data breaches that exposed 7.7 million and 11.9 million records, respectively. Included in the exposed records were names, date of birth, address, phone number, date of service, and more, according to TechCrunch, and ranged from August of 2018 until March of 2019. Both breaches were caused by a hacker that gained access to American Medical Collection Agency’s (AMCA) system, who is a third-party that the two companies have in common.
Continuing with the trend of data breaches in 2019, Capital One announced a third-party data breach that exposed the names, addresses, phone numbers, emails, dates of birth, and self-reported incomes of approximately 100 million Americans, and 6 million Canadians, due to a “configuration vulnerability” in the servers of an unnamed cloud computing company, their vendor, that hosts the bank’s data.
Are you next?
These events highlight the multitude of data breaches that occur every day (remember Tesla, Ford, and Ticketmaster), which leads us to ask this question– how secure is your data, especially when it comes to your third-party vendor access?
Have you considered the consequences of becoming susceptible to a data breach or ransomware attack? In a Ponemon Institute and IBM study, they reviewed the current Cost of a Data Breach. After a 10-month process of interviewing 1,500 people across 383 companies around the globe, the report concluded that the average cost of a data breach is $4 million, which is up 29% since 2013.
Three ways to keep your data secure:
With a 26% chance of a data breach occurring over the next 24 months, can you afford to take that risk? Securing all third-party access to your company’s network will keep your data secure and ensure you avoid the associated financial, reputational, and regulatory risks.