Email
Password
Remember meForgot password?
    Log in with Twitter

article imagePayMyTab suffers from data leak Special

By Tim Sandle     Nov 21, 2019 in Technology
PayMyTab have reported on a data leak that exposes personal information belonging to mobile diners. Information was leaked, including customer names, email addresses, telephone numbers, order details, restaurant visit information.
According to ZDNet, sensitive and personal information linked to PayMyTab customers has been exposed. This has been attributed to an open Amazon Web Services (AWS) bucket. The issue was notified by vpnMentor cybersecurity researchers, who found that a data leak in which sensitive Personally Identifiable Information (PII) and partial financial details were made available online.
PayMyTab works with restaurants to provide mobile and card terminals which collect customer data for the purposes of and service improvement. Data breaches involving several companies, such as Facebook, Capital One, Lion Air, and Honda, have been connected with a misconfigured AWS S3 bucket.
To discover more about the data leak, Digital Journal caught up with Anurag Kahol, CTO, Bitglass.
Kahol begins by looking at similar issues that could affect other companies: “All too often companies make the mistake of leaving a database open with their customers’ sensitive data exposed."
He also notes that Amazon Web Service have a degree of security; however companies also need their own measures: "While AWS provides some native security and compliance functionality, the responsibility is on enterprises to secure access to the data that is being stored within the platform."
With the PayMyTab issue, Kahol says: "Unfortunately, personally identifiable information (PII) was left exposed for four long months, allowing cybercriminals plenty of time to access the data. While there is not yet evidence of an actual breach, the information left unsecured on the PayMyTab database could have been bought and sold on the dark web, further exposing those affected to future fraud and phishing attacks."
In terms of preventative actions, Kahol recommends: "Having complete control and visibility of data in the cloud is the first step to ensuring its security. Organizations should use solutions that can prevent data leakage by equipping themselves with tools such as data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption of data at rest in order to ensure all customer information is safe.”
More about PayMyTab, data leak, Data breach, Cybersecurity
 
Latest News
Top News