WebProNews

Tag: data breach

  • Hacker Boasts of Massive T-Mobile Data Breach, Company Investigating

    A hacker is claiming to have obtained data for some 100 million T-Mobile customers and is trying to sell it.

    In a forum post online, a hacker claims to have compromised T-Mobile servers and made off with a treasure trove of customer data. While the post itself didn’t specify the company, Motherboard reached out to the hacker and received confirmation the target company was T-Mobile.

    The data in question is allegedly full customer information, including names, addresses, social security numbers (SSN), phone numbers, driver license information and unique IMEI numbers. Motherboard was given access to a sample of the data and confirmed its validity.

    It appears T-Mobile has closed the security issue that allowed the hackers access, but not before they copied the data and made multiple backups. The hacker(s) is trying to sell a subset of the data, composed of 30 million SSNs and driver licenses, for 6 bitcoin, or roughly $270,000. The rest of the data is being sold privately.

    Motherboard reached out to T-Mobile and received the following statement:

    “We are aware of claims made in an underground forum and have been actively investigating their validity. We do not have any additional information to share at this time.”

  • University of Kentucky Discloses Large Data Breach

    The University of Kentucky has sent out a letter disclosing a data breach impacting some 355,000 individuals.

    UK discovered the issue during an annual cybersecurity penetration test. The breach occurred in June 2021, impacting the College of Education database, part of the university’s Digital Driver License (DDL) platform. The DDL is used by K-12 schools and other colleges, both in and outside of Kentucky, for online training and test-taking.

    UK says the database contained usernames (usually a person’s email) and passwords for some 355,000 individuals, although the university says it contained no other personal information, minimizing potential identity theft concerns.

    “The University of Kentucky has spent more than $13 million on cybersecurity in last five years alone,” said Brian Nichols, UK’s chief information officer. “We have increased cybersecurity investments and enhanced our mitigation efforts in recent years, which enabled us to discover this incident during our annual inspection process conducted by an outside entity. Although the potential for identity theft is limited, we take this incident seriously and it is unacceptable to us. As a result, we will be taking additional measures to provide even more protection going forward. UK’s chief concern is end user privacy and protection and we are making every effort to secure end user data.”

    You can read UK’s full disclosure letter, contributed by The Record, here.

    The DDL’s primary purpose is to provide free online teaching and test-taking capabilities to K-12 schools and colleges in Kentucky and other US states. The platform is also used by the university for some of its own test-taking capabilities.

    The DDL breach was discovered in early June when the university carried out scheduled penetration tests of its platforms with the help of a third party.

    The test uncovered a vulnerability in the DDL platform; when the university investigated further, it discovered that the vulnerability had been exploited earlier in the year.

  • McDonald’s Impacted by Data Breach

    McDonald’s now joins an ever-growing list of major companies impacted by data breaches.

    On the same day that VW announced it was impacted by a data breach, fast-food leader McDonald’s announced it too has suffered a breach. The company says private information was accessed for both employees and customers in South Korea and Taiwan.

    According to CNN Business, McDonald’s says its cybersecurity investments were to thank for helping the company identify the breach as fast as it did, preventing additional harm.

    “These tools allowed us to quickly identify and contain recent unauthorized activity on our network,” a spokesperson told CNN Business. “A thorough investigation was conducted, and we worked with experienced third parties to support this investigation.”

    It seems the damage could have been far worse had McDonald’s not contained the breach so fast. According to The Wall Street Journal, the hackers also gained access to some US employees’ business contact information, as well as minor logistical information on some US restaurants, such as seating capacity. No sensitive or personal information was leaked for US employees or customers.

  • Data Breach Impacts 3.3 Million VW Customers in North America

    Volkswagen has disclosed a data breach with one of its vendors, impacting some 3.3 million North American customers and prospective buyers.

    Volkswagen is currently the largest auto maker in the world, and has been for several years. Like many companies, however, VW uses outside vendors to help handle sales and marketing data, and it appears one of those vendors is responsible for a massive data breach.

    According to Reuters, the breach involved sales and marketing data collected between 2014 and 2019, primarily for VW’s Audi brand. The vendor responsible for the data had left it unsecured on the internet from August 2019 to May 2021 when it was accessed by an unauthorized third party.

    VW told regulators that phone numbers and email addresses comprised the bulk of the data accessed, although vehicle information may also have been involved. Of sensitive data accessed, 95% of it involved driver license numbers, with a small amount also including birth dates, Social Security numbers and account numbers.

  • Microsoft Outlook a Major Security Issue for WFH

    Amid an unprecedented transition to work from home (WFH), Microsoft Outlook has come into focus as a security weak point.

    Microsoft 365 has been an important factor for many organizations, helping their employees stay connected and productive while working remotely. Unfortunately, using Microsoft Outlook is directly linked to a higher incidence of data breaches.

    Software company Egress found “that 85% of organizations using Microsoft 365 have had an email data breach in the last 12 months.” In addition, there was significant disparity between the number of data leaks experienced by companies using Outlook, versus those that weren’t.

    Organizations using Microsoft 365 have seen a 67% increase in data leaks via email since March 2020 – compared to just 32% of the businesses who don’t use it. And these aren’t one-off incidents. We also learned that 15% of Microsoft 365 organizations had been breached over 500 times during that same time period.

    Microsoft is already under scrutiny for its role in the SolarWinds breach. This latest report is sure to be an unwelcome one, and will likely increase scrutiny even more.

    In the meantime, organizations that rely on Microsoft Outlook would do well to read the Egress report in its entirety.

  • Data for 500 Million Facebook Users Found Online

    Data for some 500 million Facebook users has been found online, in the latest incident involving the social media giant.

    The data, involving 533 million Facebook users, was published online Saturday. Alon Gal, cybercrime intelligence firm Hudson Rock’s CTO, was the first to discover the data had been leaked.

    https://twitter.com/UnderTheBreach/status/1378314424239460352?s=20

    According to Gal, the data includes full name, birthdate, phone number, Facebook ID, location, past location, bio, relationship status, account creation date and, in some cases, email address.

    The data includes users in over 100 countries, including the data of more than 32 million US users.

    https://twitter.com/UnderTheBreach/status/1378724412334219265?s=20

    According to Business Insider, the first to report the story, Facebook says the information was gathered as a result of a vulnerability that allowed data to be scraped. The company says the issue was fixed in 2019, making this ‘old data.’ Nonetheless, the fact that it includes so much personal information makes it just as dangerous now as when it was scraped.

    Facebook is already under increased government scrutiny, and this is sure to bring even more.

  • T-Mobile Data Breach Exposes 200,000 Customers’ Data

    T-Mobile has suffered a major data breach, impacting some 200,000 customers.

    Wireless carriers are prime cybersecurity targets, thanks to the wealth of customer data they have access to. According to T-Mobile’s disclosure, its cybersecurity team discovered unauthorized, malicious access to some of that customer information.

    Fortunately, “the data accessed did not include names on the account, physical or email addresses, financial data, credit card information, social security numbers, tax ID, passwords, or PINs.” The hackers may have accessed “phone number, number of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service.”

    The company is working with law enforcement agencies and has begun notifying those customers affected.

    This is the third major breach T-Mobile has suffered, and the second of 2020. Especially with T-Mobile’s newfound status as the second-largest carrier, it will need to do more to keep its customers’ data safe.

  • Sophos Suffers Data Exposure Incident

    Security firm Sophos has informed customers it suffered a data breach as a result of a misconfigured database.

    According to ZDNet, customers’ personal information was exposed, including names, emails and phone numbers. The company informed impacted customers via email, which ZDNet got a copy of.

    On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support.

    The company confirmed the breach to ZDNet, saying that only a “small subset” of its customers were impacted. Nonetheless, this is the second major security issue this year for Sophos, a major source of embarrassment for a company in the business of providing computer security to its customers.

    The company tried to assure customers it was doing everything it could to address the issue.

    “At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers,” the company said. “Additionally, we are implementing additional measures to ensure access permission settings are continuously secure.”

  • Vertafore Data Breach Exposed 28 Million Texas Driver’s License Records

    Vertafore has acknowledged a data breach that has exposed the driver’s license records of some 28 million Texans, thanks to unsecured files.

    Vertafore is a company that serves the insurance industry, helping companies keep up with technology and the changing demands of the market. One of Vertafore’s key features is its ability to help agencies “unlock the power of data to drive growth.”

    Unfortunately for 28 million Texas drivers, Vertafore didn’t do enough to protect the data it had access to. According to the company’s announcement, three data files were left unsecured on an external storage service and accessed by unauthorized parties.

    The information contained pre-February 2019 driver information, including “Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories.” The data files did not contain Social Security numbers or financial information.

    Vertafore has since secured the files, launched an investigation, hired an experienced consulting firm and is working with law enforcement. Despite their efforts at damage control, this is just the latest incident that demonstrates the challenges inherent with a data-driven society.

  • What Not to Do: Former Uber CSO Charged For Covering Up Data Breach

    The Department of Justice has announced it is charging Uber’s former Chief Security Officer (CSO) Joseph Sullivan for obstruction of justice.

    The charges stem from a data breach Uber suffered in 2016, just days after Sullivan testified before the FTC about a 2014 data breach. In the 2016 data breach, hackers “accessed and downloaded an Uber database containing personally identifying information, or PII, associated with approximately 57 million Uber users and drivers. The database included the drivers’ license numbers for approximately 600,000 people who drove for Uber.”

    Rather than report the new breach, Sullivan orchestrated an attempt to pay off the hackers to prevent the FTC from finding out. To cover his tracks, Sullivan funneled the money through a bug bounty program and tried to get the hackers to sign NDAs. To make matters worse, the NDAs included statements falsely indicating that no data had been taken, statements Sullivan insisted remain in the agreements.

    “Uber’s new management ultimately discovered the truth and disclosed the breach publicly, and to the FTC, in November 2017,” writes the DOJ. “Since that time, Uber has responded to additional government inquiries.

    “The criminal complaint also alleges Sullivan deceived Uber’s new management team about the 2016 breach. Specifically, Sullivan failed to provide the new management team with critical details about the breach. In August of 2017, Uber named a new Chief Executive Officer. In September 2017, Sullivan briefed Uber’s new CEO about the 2016 incident by email. Sullivan asked his team to prepare a summary of the incident, but after he received their draft summary, he edited it. His edits removed details about the data that the hackers had taken and falsely stated that payment had been made only after the hackers had been identified.”

    The entire incident is a case study in how not to handle a data breach. At the same time, Uber’s new CEO and management team are to be commended for doing the right thing as soon as they discovered the truth.

  • Capital One Fined $80 Million For Security Negligence

    Capital One has been fined some $80 million by the government for failing to adequately protect consumer data.

    In 2019, Capital One suffered one of the largest financial hacks in history, exposing 80,000 bank account numbers and 140,000 Social Security numbers. The US Treasury Department’s Comptroller of the Currency said the bank was negligent when it transitioned to the cloud in 2015, and failed to properly implement the necessary security measures.

    In some cases, the company’s internal audit failed to catch security issues. In other cases, the Board of Directors failed to act on issues the internal audit did flag. As a result, the Treasury Department is fining Capital One $80 million, which the company has agreed to pay.

    Capital One’s example should serve as a reminder to companies that security should always be a prime consideration—not an afterthought.

  • Majority of Users Don’t Change Passwords After Data Breach

    A new study has found the vast majority of users fail to change their passwords after being notified their data was impacted by a security breach.

    Virtually everyone has received an email from a credit agency, or a company whose products and services they use, informing them their data was compromised in a breach. Inevitably, those emails include recommendations to change their password. Unfortunately, it appears those warnings go largely unheeded.

    Sruti Bhagavatula and Lujo Bauer of Carnegie Mellon University, and Apu Kapadia of Indiana University Bloomington, conducted a study on the aftermath of data breaches, with the goal of helping companies better mitigate damage.

    According to the researchers, “only 21 of the 63 affected participants changed a password on a breached domain after the breach announcement.”

    To make matters even worse, “previous work has shown that, on average, a user exactly or partially reuses their passwords on over 50% of their accounts.”

    This means that many customers are not only at ongoing risk from the data breach directly impacting them, but their data on other, unrelated sites is also at risk because of reusing passwords.

    The study illustrates that companies need to do a far better job of helping customers choose more secure passwords, and engage them post-breach to help them update their passwords and information. Overall, the study is an in-depth look at the challenges companies face in order to better mitigate the impact of data breaches and is a must-read for any security professional.

  • U.S. Indicts 4 China Military Personnel for Equifax Breach

    TheStreet.com is reporting the U.S. has handed down a nine-count indictment against four Chinese military personnel, claiming they hacked into Equifax.

    “This was a deliberate and sweeping intrusion into the private information of the American people,” Attorney General William Barr said in a statement.

    “Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the Internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us.”

    The indictment accuses the hackers of stealing Americans’ personal data, as well as trade secrets from Equifax. The hackers evidently used a tor router to route their connection through nearly 20 countries and 34 different servers in an attempt to cover their tracks.

    While there’s virtually no chance the indictments will result in anyone being brought to justice—since they are active Chinese military personnel—it will likely be a source of embarrassment to Chinese officials, especially as the country is trying to end the trade war with the U.S.

  • FBI Seizes Site With 12 Billion Stolen User Names & Passwords

    In an international operation, the FBI has seized a website containing user data from over 10,000 data breaches, according to Engadget.

    According to the report, the FBI seized WeLeakInfo, a website that contained personal data taken from 10,300 data breaches. Engadget says the “site promoted itself as a legitimate way to perform security research, even though it offered phone numbers, IP addresses and other personal info that’s protected by law.”

    Even worse, the information was organized in a searchable database that could be accessed through subscriptions that started as cheap as $2. With just an email address, someone could find any associated names, passwords, phone numbers and IP addresses. Engadget recommends individuals check “security expert Troy Hunt’s excellent haveibeenpwned.com site” to see if their information has been stolen.

    As more and more services, platforms and devices become interconnected, it’s important for users to periodically change their passwords, and to use unique passwords for different services. If a person uses the same password across multiple services, it only takes a single breach to expose their data in multiple locations.

  • Wyze Data Breach Exposes 2.4 Million Customers

    Security camera manufacturer Wyze is the latest company to experience a data breach, exposing sensitive data of 2.4 million users.

    According to Twelve Security, the cybersecurity firm that first discovered the leak, two production databases were left completely open to the internet. These databases contained email addresses of individuals who purchased cameras, emails for anyone who was given access, list of cameras in use and their nicknames, WiFi SSIDs and more.

    Wyze eventually confirmed the breach, although it disagreed with some details about the information that was exposed. Wyze also denies the databases were production databases, according to a post on the company’s forums.

    “To help manage the extremely fast growth of Wyze, we recently initiated a new internal project to find better ways to measure basic business metrics like device activations, failed connection rates, etc.,” the post reads.

    “We copied some data from our main production servers and put it into a more flexible database that is easier to query. This new data table was protected when it was originally created. However, a mistake was made by a Wyze employee on December 4th when they were using this database and the previous security protocols for this data were removed. We are still looking into this event to figure out why and how this happened.”

    The company did confirm many other details of the breach, however, stating: “It did not contain user passwords or government-regulated personal or financial information. It did contain customer emails along with camera nicknames, WiFi SSIDs, Wyze device information, body metrics for a small number of product beta testers, and limited tokens associated with Alexa integrations.”

    The company has taken measures to address the breach and restore security. However, as Twelve Security’s author Ghost says: “Personally, in my ten years of sysadmin and cloud engineering, I never encountered a breach of this magnitude.”

    Breaches like this continue to be both shocking and unacceptable. As IoT devices become increasingly common in both corporate and personal use, security should be the number one concern—not an afterthought.

  • OnePlus Reports Second Data Breach in Two Years

    OnePlus is reporting the second breach of customer data in as many years. A member of the security team informed customers of the breach on the company’s support forums.

    According to the statement, some “users’ order information was accessed by an unauthorized party. We can confirm that all payment information, passwords and accounts are safe, but certain users’ name, contact number, email and shipping address may have been exposed. Impacted users may receive spam and phishing emails as a result of this incident.”

    OnePlus says immediate action was taken to stop the intrusion and shore up security, but questions remain. In a related FAQ, the company says the breach occurred last week, but there is no explanation as to why it took a week to make an announcement. Similarly, the company does not definitively say where the breach occurred, although the wording of the announcement and the FAQ seems to indicate it happened via their website rather than through a flaw in their phones. Perhaps most significantly, OnePlus did not return requests by The Verge for information on exactly how many users were impacted.

    The company did say that affected users were notified before the public announcement. If customers have not received any notification, it’s a safe bet their information was not part of the breach.

  • T-Mobile Suffers Breach, Sensitive Prepaid Data Exposed

    T-Mobile announced it has suffered a data breach, exposing prepaid customers’ sensitive information to hackers.

    T-Mobile has not said when the attack occurred, but they have confirmed that financial data was not compromised. That means that credit card and bank account information, as well as social security numbers, were not impacted. The company also stated that no passwords were compromised.

    “The data accessed was information associated with your prepaid service account, including name and billing address (if you provided one when you established your account), phone number, account number, rate plan and features, such as whether you added an international calling feature. Rate plan and features of your voice calling service are ‘customer proprietary network information’ (‘CPNI’) under FCC rules, which require we provide you notice of this incident.”

    The company has not said how many customer accounts were exposed, although a spokesman did tell CNET that the number was a “very small single digit percentage of customers.”

    T-Mobile says all affected customers have been, or shortly will be, notified. If customers have not received notification, it likely means they were not impacted.

  • 50 Million Google+ Accounts Compromised in Latest Data Breach, Platform to Shut Down Earlier Than Planned

    The discovery of another privacy flaw has pushed Google to shut down Google+ much earlier than expected.

    Google announced on December 10 that it had discovered a security issue that potentially left more than 50 million accounts vulnerable in November. The revelation came shortly on the heels of a previous admission that a security lapse in March also affected thousands of users. Because of this, the company says Google+ will be shut down by April 2019.

    Google initially planned to sunset the platform by August 2019. The company made the announcement to close its Google+ network in October, after it admitted that an earlier breach affected 500,000 users.

    The latest bug was said to have been inadvertently created by a software patch that Google developed last month. It reportedly gave third-party apps access to account users’ profile data and exposed even information that wasn’t made public. It took the company six days to notice it and find a solution.

    In a blog post, Google’s Vice President of Product Management, David Thacker, shared that “No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”

    However, the bug made it possible for apps where users willingly shared their Google+ data to also access their friends’ profile or those of people who shared data with them. Google gave assurances though that it did not expose any passwords, financial data, or other sensitive details that could be used in identity theft.

    The Alphabet-owned company had also suffered a security breach in March. That particular bug placed tens of thousands of users’ personal information at risk. The company waited half a year before it admitted to regulators and the public that there was a problem. The breach happened around the time Facebook was embroiled in the Cambridge Analytica controversy. Reports stated that Google delayed revealing the problem partly to avoid scrutiny from regulators.

    The admission that there was another security issue couldn’t have come at a worse time for the company. Google’s CEO, Sundar Pichai, was set to appear before the House Judiciary Committee on December 11 to be grilled about the company’s data practices.

    Google+ will be shutting down all its APIs for developers within three months. However, the platform’s enterprise version will remain functional. Google also acknowledged on Monday that Google+ had a low number of users and that there were major obstacles to turning it into a successful product.

  • Google Plus Announces It Will Shutdown After Reportedly Compromising 500,000 User Accounts

    Google recently announced that it is shutting down Google+, with the service expected to cease operating by Nov. 2019. The announcement came on the heels of a report that an API bug exposed the profile data of 500,000 Google users using 438 different apps. However, Google claims the issue had been resolved back in March.

    The decision to phase out Google+ came after Google launched a review of third-party developer access at the start of the year. The review apparently proved what the company had already known—that consumers and developers are not that interested in the platform. The service reportedly has “low usage and engagement,” with the majority of user sessions lasting less than five seconds.

    What Happens to Google+ Now?

    Google+ users will have ample time to transition. The phase-out is expected to be completed by August 2019 and the company will be releasing additional information in the next few months on how to migrate data.

    However, Google intends to keep Google+ open for enterprise customers. But it will be rolling out new features to keep its enterprise version more secure and effective.

    Aside from announcing its phase-out of Google+, the company also said its other services will be receiving privacy adjustments. Some of these adjustments include changes to API that will curtail developers’ access to user data on Gmail and Android. The changes will also ensure that developers won’t be receiving call logs and SMS permissions. Contact and basic interaction data from the Android Contacts API will also be blocked.

    Keeping Things Quiet

    While the security vulnerability occurred several months ago, it was only revealed recently in a Wall Street Journal report which said the breach exposed information like name, age, gender, occupation, and email address of users who listed their profile as private.

    In a blog post, Google explained its decision not to reveal the issue to users.

    According to Ben Smith, Google’s Vice President of Engineering, the company did not find any evidence of anyone accessing the profile data. There was also no evidence that the API was abused or that any developer was aware of the bug. Google’s “Privacy & Data Protection Office” also evaluated the issue and decided that none of the “thresholds” they were looking for were met.

    Experts say that there’s no legal requirement that obliges Google to reveal the security vulnerability. However, Google’s decision to keep things quiet and a memo shared to the Journal warning senior executives against disclosing the existence of the bug will undoubtedly raise privacy and security questions again.

  • Cyber Attacks on Small Businesses are on the Rise, Here’s How to Stay Safe

    While recent data breaches on large enterprises like Home Depot, Target, and Yahoo made headlines worldwide, a 2016 report by cybersecurity firm Symantec revealed that 43 percent of cybercrimes actually target small businesses. What’s more alarming is that the number of attacks on small business has been trending upward every year since 2011. It’s easier to target small companies because many of their owners are not educated about the risks or don’t implement adequate safeguards to protect themselves.

    However, a data breach can damage your company’s reputation and revenue. It can even put you out of business altogether. In fact, a reported 60 percent of small businesses fold within six months of a cyber attack. The need to protect yourself and your customers cannot be overstated.

    Here are five safety measures your small business can implement to fend off cyber attacks:

    1. Install the right software and keep it updated.

    Good antivirus, anti-spyware and/or anti-malware software is your first line of defense. Invest in a reliable product and keep it updated regularly. As a business owner, you should never ignore an update, no matter how busy you are. Older versions of software or operating systems are what hackers often work on.

    Minimize the risk by making sure your antivirus software and operating system are up to date. Once you’ve been notified of an update, designate a time of the week to install it on your systems.

    A lot of small business owners also make the mistake of just buying whatever data security software was recommended to them without understanding it or using it properly. To choose the right software, you’ll need to assess the type of data you’re protecting and how it will be stored. Is the information you’re protecting sensitive or neutral? How many people will have access to the information and for how long do you intend to store it? Data security is not one size fits all.

    2. Invest in a secure network.

    Select a dedicated and secure server that only your company and employees use. It might mean shelling out more money upfront, but your network is guaranteed to be secure from external attacks. This will significantly reduce the risk of your customers’ information being hacked. You should also make sure that your data is always backed up. A second copy will lessen the devastation of a malware attack.

    3. Implement extensive security protocols.

    Use every safety protocol and security strategy available to protect data while still keeping it usable. Implement measures like multi-factor authentication and data encryption. Make sure you use strong passwords so that hackers cannot crack them. Experts say passwords should be around 13 to 15 characters and should not be a word. Instead, go with random symbols, letters, and numbers. Investing in good encryption software is another way to protect your customers’ personal data.

    4. Educate your team and train them to follow best practices.

    Most of the time, a data breach is caused by an employee’s negligence or complacency. This was what happened in the Target hack. It’s also something you see all the time in brick-and-mortar stores: computers are left open and available, or passwords are scribbled on Post-it notes for everyone to see.

    Make sure you take the time to educate your staff on security technology and train them to understand and follow best practices for preventing a security breach. Cybercriminals use ploys that look legitimate, so employees should know what to look for. You should also have a memo or a list of best security practices to follow, like changing passwords regularly or being careful when using personal devices at work.

    5. Secure sensitive documents.

    Make it a habit to safeguard important documents even if you no longer need them. Instead of just throwing customer files and documents in the trash, take the extra step of shredding them. It’s also a good idea not to store your clients’ credit card information. After all, there’s no need for you to do so, and it can’t be stolen from you if you never collected it in the first place.

    These security measures might look like a lot of work, but they are all worth it. After all, it’s better to err on the side of caution than to lose customers or your reputation because of a data breach.

  • Steve Wozniak Bids Facebook Goodbye, Deactivates Account

    Apple co-founder Steve Wozniak announced that he has quit Facebook after deactivating his account on Sunday. He cited growing concern over the lack of privacy and security on the social media platform in the wake of its recent scandal.

    He hopes that his departure from Facebook will encourage others to follow suit and rethink how users share information on social media. Wozniak said that it was unethical for Internet companies to monitor and sell their users’ personal data.

    “If you post something and I click ‘Like,’ it’s sort of my inside feeling, I have a commonality with you, and maybe you will even see my ‘Like’ and know we are friends. You know what, it’s being sold to an advertiser. I’m sorry that’s not ethical,” he told USA Today on Monday.

    His concern wasn’t unwarranted. Cambridge Analytica, a London-based data firm, had improperly obtained access to the data of about 87 million Facebook users without their knowledge. The information was collected through a personality app that also had access to friends of those who answered the quiz. In response to the crisis, Facebook banned Cambridge Analytica and has suspended two other data firms.

    Users have come to realize that personal data might not be as private as they think it is. In the case of Facebook, the social media giant earns from targeted advertising based on its users’ information. Tech companies have the responsibility to respect and protect the privacy of their users, Wozniak emphasized.

    On this note, the tech pioneer praised Apple for its privacy standards. “Apple makes its money off of good products, not off of you. As they say, with Facebook, you are the product,” Wozniak pointed out. And as the founder of the Electronic Frontier Foundation, an advocacy group for digital rights, he also encouraged users to scrutinize what’s inside Facebook.

    Wozniak said that he’s willing to pay the price for privacy, but admitted that it might not be a viable solution. Moreover, he’s not hopeful for any swift changes after the Congressional hearings where Facebook founder Mark Zuckerberg is set to testify.

    “Facebook will come out and say, ‘Oh, we are going to do this little one extra thing to protect your privacy.’ But really, they are advertising you. You are the product with Facebook—and Google,” Wozniak said dismissively.
