Life’s A Breach: A Roundup of This Week’s Data Breaches

Person holding umbrella on windy beach in a storm.

It’s been a busy 24-hours for security (and PR) professionals. This #ThrowbackThursday is sponsored by the all-too-familiar, “Your personal information may have been compromised” email. The internet is ablaze with the news of one data breach after another, across multiple industries, today.

A Breachable Offense:

Exactis

Yesterday afternoon, news that nearly 340 million records were accessed and leaked on the internet, spread like wildfire.

Marketing and data aggregation firm, Exactis, has yet to confirm or comment on the breach; but it’s already being reported as one of the largest breaches in years – eclipsing the 2017 Equifax breach that affected 145+ million people’s data.

Security researcher, Vinny Troia, discovered nearly 2 terabytes (terabytes!) of data earlier this month. While reported that social security numbers and credit card information doesn’t appear to be included, other personal information – such as phone numbers, home and email addresses, and lifestyle choices – is.

The trouble with this information being readily available for seedy cybercriminals, is the (now increased) ability to skillfully target (and trick) individuals by way of various nefarious tactics, like spear phishing, or impersonation.

Adidas

Sportswear giant, Adidas, announced this afternoon that an “unauthorized party” has gained access to customer data on the US website.

Like the breach with Exactis, it appears that credit card information was not compromised (nor was fitness data), but email and physical addresses, contact information, and encrypted login credentials, were.

While the number of affected people was not disclosed, the company disclosed that it appears to be limited to US-based shoppers, likely “a few million” as estimated by an Adidas spokesperson, in a statement to Business Insider.

The spokesperson continued, “Adidas is committed to the privacy and security of its consumers’ personal data. Adidas immediately began taking steps to determine the scope of the issue and to alert relevant consumers. Adidas is working with leading data security firms and law enforcement authorities to investigate the issue.”

Ticketmaster UK

A month after the General Data Protection Regulation (GDPR) came into effect, Ticketmaster UK has shared that an undisclosed number of customers’ personal or payment data may have been accessed by an unknown party.

The group identified malicious software on an external vendor’s support product, hosted by Ibenta Technologies. The ticket-selling organization claims to have disabled the product as soon as the breach was identified, on June 23.

Ticketmaster UK is assuring users that it is taking the appropriate actions, and has “Forensic teams and security experts working to understand how the data was compromised,” according to a recent blog post. The company also confirms that the breach did not affect US-based customers, and they are reaching out to only those they believe to have been affected, via email.

What now?

Though the damage is done (so to speak) there are steps you can take, as a consumer, to be proactive in the aftermath of these breaches.

1. Update your passwords

(And make it strong while you’re at it!) No pet names, birthdays, or heaven-forbid, “Password”, please!

2. Monitor your accounts and credit

Keep a watchful eye on your bank accounts, and credit monitoring sites. Cybercriminals are lurking in the shadows waiting for moments like this to strike – be diligent!

3. Be extra cautious

Double check email addresses from senders, especially if the content feels a little off, or out of the norm. Don’t be afraid to confirm any requests are legitimate from anyone seeking more information – especially if it’s an agency that doesn’t normally utilize email technology.

4. Report suspicious activity

If you receive a phishy email, or notice signs of malware on your computer at work, report them to your IT department immediately. At home, run virus protection software on your computer, and don’t put off any important security updates.

5. Have the conversation about security

There’s no shame in the cybersecurity conversation game. Whether you’re a novice, or a hero, start a dialogue with friends, family, and colleagues about security and privacy best practices. You never know what you might learn from those around you!

Though we don’t yet know the cause of these breaches, employee education is key in the prevention of (costly) breaches, just like these. We don’t like to use data breaches as examples, but they do serve as an excellent reminder at how valuable data is in today’s world – and just how far cybercriminals will go to get their hands on it.

We’re keeping an eye on these stories as they develop. Be sure to check-in often, or follow us on Twitter or LinkedIn to stay in the know. We’ve got your back!

Share this Post

Think you're a phishing hero?

Take Our Quiz!

Related Posts

Do you know spear phishing when you see it? Check out our quick guide for the basics of spear phishing, common tactics, and how to avoid taking the bait.
Spear Phishing: A Quick Guide to Avoiding the Bait
Old medieval door, detail of an old door of a castle
En Garde! 5 Key Insights from the 2018 Verizon Data Breach Report (DBIR)
The Silver Lining on the Equifax Breach
If you could get the people you know to commit to doing just a few things right around cybersecurity, what would they be? I often ask myself this question.
A Note to Mom About Cybersecurity