A weekend full of data breach announcements showed the wide-ranging impact of cyber criminals across industries, as major brands like Marriott, Dunkin’ Donuts, and the United States Postal Service announced attacks that impacted hundreds of millions of customers in total.
The largest of the breaches, at Marriott’s Starwood properties, affected more than 500 million guests. The information accessed by the cyber criminals included names, mailing addresses, phone numbers, email addresses, arrival and departure information, and communication preferences. Also stolen in the breach were credit card numbers for more than 325 million customers, although Marriott is unsure of their decryption status.
The Marriott breach began as far back as 2014.
For those who haven’t stayed at a Starwood by Marriott property, Dunkin’ Donuts and the USPS announced breaches that impacted up to 9 million and 60 million, respectively. At Dunkin’, data from the DD Perks program, including members’ names, email addresses, and account information, fell to a password-reuse attack. In this form of attack, cyber criminals use login and password information from other notable breaches to try to break into more accounts, which highlights the importance of two-factor authentication and unique, frequently updated passwords for accounts.
The USPS breach came about from a small security hole in a program that allows customers to preview their mail, looking for delivery and tracking information for critical documents and checks. Access to this program gives that crucial information to cyber criminals, who are then able to steal identities, email addresses, phone numbers, and more from the data kept by USPS. This attack was said to be in the works for more than a year, with USPS only responding to the threat with a patch after a security expert asked about the breach, which had been flagged by an anonymous researcher.
If a major hotelier, restaurant, and government agency, which each spend millions of dollars a year on cyber security, can fall victim to a large breach taking place over months or years, small businesses are easy victims for hacks and breaches.
Archetype SC has developed a vulnerability assessment, called SRVA (Security Risk & Vulnerability Assessment), which scans the network of a company to find potential security holes, like the ones that led to the large data breaches at Marriott, Dunkin’ Donuts, and USPS. After an SRVA is performed, a detailed report of vulnerabilities, ranked by severity, is delivered with a remediation plan. The assessment is done at low or no cost, with remediation as an optional piece.
Schedule an SRVA with Archetype SC today by emailing here.