It's been a busy week for data breaches. In the closing days of November, three major consumer-facing organizations all disclosed breaches, setting the stage for what could be a new holiday trend.
Typically, I was surprised to learn, the number of data breaches actually declines during the holiday retail and travel season and then picks back up in the first quarter. The 2016 survey making that claim speculates that this could simply be because companies are too busy to go through the disclosure process, or delay disclosure to avoid a negative hit on sales.
This may have flown pre-GDPR and its attendant 72-hour disclosure requirement, but these days stalling is no longer an option. It will be interesting to see whether, in 2018, the holiday season turns out to be the season of breaches as well.
With that, let's take a quick look at this week's rundown, starting with the organization with (in my opinion) the best response to their breach.
This tech giant disclosed that in early November it detected unauthorized activity on its network that turned out to be attempts to steal customer data including names and passwords.
Their response is what sets them apart from other enterprises when it comes to security. As soon as the threat was detected, they were able to disrupt the activity before any information was compromised. For this company, that sophistication and responsiveness made all the difference. Rather than managing the disclosure of a major data breach, they were able to take proactive countermeasures – including a reset of all passwords – to improve overall security posture and protect customer data.
On Tuesday, this food industry favorite announced that in October, a credential stuffing attack on the system that administers its rewards program may have led to customers' personal information being compromised. Malicious actors attempted to access customers' names, email addresses, and rewards account information.
This company also forced a password reset for all affected accounts, but the apparent exposure of customer records underscores just how important it is to catch malicious behavior early.
There are two industries that seem like obvious targets for a holiday breach: retail and hospitality. The holiday season is a busy time of year for travel. More bookings mean more customer records, and if you're a hacker, more is always better.
On Friday, a major hotel franchise became the first hospitality chain to announce a major breach. The hack of one of its guest reservation databases affects approximately 500 million guests, and the company believes that for 327 million, stolen data includes passport numbers, emails, mailing addresses, and potentially credit card data.
Of the three breaches disclosed this week, there's a clear outlier and that's Contender #1. Unlike the other two, this company actually got to share some good news with respect to their breach. Yes, their systems were hacked, but they were sophisticated enough in their security operations to detect the malicious behavior before records could be compromised.
The key takeaway is this: every organization is subject to threat activity, but sophistication matters. The difference for the first organization was their ability to detect malicious behavior patterns inside the firewall, on the network. They didn't stop the bad guys from getting in, but they protected customer data nonetheless.
If this holiday season is a harbinger of things to come, I strongly recommend organizations consider adding internal visibility to their security toolkit!