This month in data breaches: September edition
04 October, 2023
September has left the building, but while the kids are (finally!) back in school, for many businesses, the headaches have only just begun.
We speak, of course, about cybersecurity breaches. In this blog, we'll look into how even the most security-conscious individuals and organisations can fall victim to cyberattacks - alongside sharing how your company can stay protected against similar threats.
Let’s get started.
September's biggest data breaches
Topgolf Callaway
American sports equipment manufacturer giant Topgolf Callaway faced a significant data breach last month, putting the sensitive data of over a million customers at risk.
The company promptly emailed customers, explaining that a third party had breached their systems and accessed data, including names, shipping addresses, email addresses, phone numbers, order histories, passwords, and answers to security questions.
Fortunately, payment information remained secure and was not compromised in the breach.
This breach is particularly concerning because it also exposed data from affiliated brands under the Topgolf Callaway umbrella.
All affected customers were required to reset their passwords as a precautionary measure.
The identity of the party responsible for this breach remains unknown. However, the stolen data poses a serious threat, as it can be exploited for identity theft and phishing attacks.
This serves as a reminder of the necessity of a response plan.
By immediately informing those affected and enforcing a password reset, you can lessen the impact of an incident and heighten everyone's awareness against potential follow-up attacks, such as a phishing email.
Digital ID and The Greater Manchester Police
Thousands of Greater Manchester police officers and staff have had their personal details compromised. This attack is linked to a third-party supplier, Digital ID, responsible for identity cards and lanyards for UK organisations.
The breach involved the theft of officers' warrant card information, including names, ranks, photos, and serial numbers, through a ransomware attack.
While financial data remains secure, there are concerns regarding the safety of undercover officers and ongoing investigations.
The National Crime Agency (NCA) is actively investigating the Digital ID breach. Greater Manchester Police is working closely with the Information Commissioner's Office (ICO), which will conduct its own enquiry.
This incident emphasises the risks of outsourcing sensitive data to third parties and highlights the pressing need for ongoing vigilance, especially in law enforcement and public safety organisations.
Pizza Hut Australia
Pizza Hut Australia also fell victim to a cyber-attack in September, exposing customer information and order details.
The breach came to light in early September, prompting immediate action from the company.
Phil Reed, the CEO of Pizza Hut Australia, informed customers via email about the incident. He stated that an 'unauthorised third party' had accessed some of the company's data.
In response, Pizza Hut took swift action to secure its systems, engaged forensic and cybersecurity experts, and initiated an investigation to determine the extent of the breach.
The compromised data includes customer details and online order information, such as names, delivery addresses, email addresses, and contact numbers.
For registered accounts, encrypted credit card numbers and passwords were also accessed.
Approximately 193,000 customers were impacted and received guidance on avoiding potential future scams.
This incident highlights the importance of working with cybersecurity experts to minimise the impact of data breaches.
By collaborating with cybersecurity professionals, organisations can improve their overall security measures and decrease the likelihood of such incidents occurring in the first place.
What your organisation can learn from September's data breaches
September's data breaches stress a crucial lesson: cyber threats affect all.
Here are valuable lessons your organisation can take from these incidents to improve your cybersecurity systems.
- No one is exempt: Cyber threats spare no one. Regardless of the size or industry of your organisation, it's important to remain alert to attacks. Regular assessments can help identify vulnerabilities and weaknesses before attackers do.
- Effective response planning: Developing and regularly updating an incident response plan is crucial. It enables swift and effective action during a breach to mitigate its impact.
- Third-party risk management: If your organisation relies on third-party suppliers like Digital ID, ensure they adhere to robust cybersecurity standards. Protecting your data is a shared responsibility.
- Education and awareness is key: Educate your employees on essential cybersecurity practices, including phishing awareness, password security, and defence against social engineering tactics.
- Invest in training: Invest in cybersecurity training for your employees. A well-informed employee is a critical defence against cyber threats.
How can Bob's Business help you avoid cyber breaches
At Bob's Business, we offer affordable awareness training solutions designed to give employees the knowledge they need to protect their data and their organisation.
As part of our dedication to supporting organisations in strengthening their cybersecurity, we've created a free Cybersecurity Awareness Month Pack for your organisation.
This resource pack is designed to help you improve your security and reduce the risk of cyberattacks. Click here to get your free pack.
Ready to build your cybersecurity culture?
Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.
© 2024 Bob's Business®
Company No. 06341794 | VAT. 917310152
