Sam Serio
On Information Science
Nov 9, 2017


In the wake of the Equifax data breach, security affects the everyday life of the average American now more than ever. The breach exposed the personal information of over 140 million Americans (https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html) and has been headline news for weeks. A breach of this size at a company trusted by literally millions to safeguard their identities is unprecedented and unacceptable. Soon after this story broke, the SEC disclosed that they were hacked in 2016 as well (https://www.wsj.com/articles/sec-discloses-edgar-corporate-filing-system-was-hacked-in-2016-1505956552). While this hack did not necessarily expose personal information to hackers, it did give the hackers an opportunity to trade on information not yet made available to the public.

While all these high-profile breaches are both terrifying and interesting, I find that the “lower level” companies that get breached are often more terrifying in a different way. Breaches of these companies (basically, the companies you don’t think about when you think about companies that store a lot of personal data) show just how many people and organizations have our personal information and how poorly some secure it.

Take Pizza Hut, for example. Data isn’t the first thing that comes to mind when I hear that name. But on October 1st, their website’s security was compromised, revealing addresses, email addresses, credit card numbers, expiration dates, CVV numbers and more. From October 1st to October 2nd, any customer who visited the site may have had their personal information stolen, totaling around 60,000 customers.

Sports Direct, a sports retailer in the UK, did not tell their employees when their information was hacked. When their content management system was hacked, employees’ names, email addresses and phone numbers may have been compromised. On top of the breach itself, Sports Direct decided not to share this information with their employees since they did not find any evidence that the data had been copied.

Kiddicare, a British online child product retailer, ended up releasing data from actual customers while testing their new website. This hack was uncovered when the customers started receiving weird text messages. A subsequent investigation discovered that 800,000 customers were breached and their names, addresses and contact info were released.

Lastly, one of my “favorites” (as favorite as a data breach can be…) is the Moonpig breach. A bug was discovered by a developer, who then alerted the company of the bug privately, and when the company did not solve it in over a year, he went public to put pressure on the company to fix it. The bug allowed a person to enter a spoofed nine-digit ID number and basically impersonate that account.

The reason these lesser-known breaches interest and scare me is that they highlight the amount of information in companies that don’t necessarily care or have the resources to build the tightest security. While breaches of companies like Equifax and Yahoo can expose much more information, both in quantity and importance, these smaller breaches can be pretty damaging, too. Every online account you have and every order you place has the ability to be compromised and hurt you.
