Connect with us

Hi, what are you looking for?

Tech & Science

Implications of the Chowbus data leak revealed (Includes interview)

Chowbus is a mobile-based food delivery service that allows customers to order food from local restaurants in cities around the U.S., Australia, and Canada. The cyber-attack suffered by the organization came via an email. The message included download links to both a user and restaurant database used by the food delivery service.

Chowbus has explained to customers that they are investigating the hack, but none of the exposed data contained financial information or passwords. However, the stolen data contained customer names, email addresses, phone numbers, and mailing addresses.

Looking into the issue for Digital Journal, Andrew Hollister, Senior Director of LogRhythm Labs & Security Advisor to the CSO at LogRhythm, in your article.

Hollister begins by looking into the nature of the attack: “The Chowbus data leak is unusual in that so far the motive for the breach is not really clear. Typically data stolen from an organization might be used as leverage in a ransomware attack, for social engineering, or sold on the dark web. In this case it appears that the data of both suppliers and customers was simply sent to some or all of the individuals identified in the breach.”

He adds that: “Whether the motive will become clear over time remains to be seen, but it’s certainly unusual. Fortunately for both Chowbus and their customers, it appears that neither passwords nor credit card details were included in the breach.”

Looking at the wider implications, the expert adds: “Businesses that operate predominantly online and hold large quantities of customer information will always be an attractive target for attackers. Such organizations, whilst following best practice for secure configuration and patching, should also implement continuous monitoring for detection and response. An appropriately configured security monitoring solution that has full visibility into the environment could provide the opportunity to respond to an intrusion before it turns into a damaging data breach.”

Furthermore, in terms of learning exercises, Hollister says: “This occurrence once again highlights the importance both of ongoing vigilance, and robust security controls in every business, irrespective of the vertical they operate within. Bad actors will often look for low hanging fruit, and a simple misconfiguration can easily lead to a breach such as this one, often with far reaching consequences for both customers and the breached organization.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

What do you guys think the expression “useless morons” means?

Sports

For those seeking to snap up a ticket, it is important to know how to spot fake tickets, verify sellers, and safeguard the purchase.

Business

The US Department of Justice filed a major antitrust lawsuit Thursday seeking to break up an alleged monopoly in the live music industry.

Tech & Science

A defensive approach is no longer sufficient. Water facilities must implement a proactive cybersecurity defense to effectively mitigate cyber threats.