The latest cyber-incident has impacted ProQuality Solutions. This relates to an unprotected database that exposed the customer information of companies. The types of firms affected were big players in the U.S. retail space, such as Whole Foods (owned by Amazon) and Skaggs (which sells various uniforms to different industrial sectors).
The size of leaked data represented:
- Total Size: 9.57 GB
- Total Records when first discovered: 28,035,225 (4/25- 7/11)
- Total Records when notice was sent 82,099,847 (4/25- 7/30)
According to one survey, unsecured databases left exposed on the web are targeted by cyber criminals at least eighteen times each day.
Looking into the database vulnerabilities for Digital Journal is security expert Robert Prigge, CEO of Jumio (a company that deals with online identity verification and user authentication).
According to Prigge, the issue demonstrates the vulnerability of data in general across many systems. The world is reliant upon digital data, and data is of great value, yet the hunt for vulnerabilities with systems that hold data is major focal point for cybercriminals.
Highlighting the data vulnerability aspect, Prigge says: “The exposure of 82 million records confirms that no personally identifiable information is safe online through traditional methods of storage and protection.”
The reason for this, Prigge explains is because: “Threat actors could easily leverage partial credit card numbers, emails and physical addresses to conduct social engineering attacks on victims and steal additional data, such as full payment details or Social Security numbers.”
There are other vulnerabilities too: “In addition, fraudsters can combine the exposed data with other available information on the dark web and access additional user accounts set up with this information, including social media profiles, health insurance portals, banking applications and more.”
This means a proactive response to potential data vulnerabilities is essential. As Prigge puts it: “Any database containing personal indefinable information should not only be secured but should extend beyond basic password protection.”
More secure methods that can thwart many malicious actors include: “Face-based biometric authentication is significantly more secure, reliable and delivers a much higher level of assurance.”