Monday, April 17, 2017

Dun and Bradstreet 33.6M records exposed

This is from http://www.ecommercetimes.com/story/84387.html. I can't tell from the one story what the date range for the data is. Note the links at the end go to a way to test employees, family or customers on their vulnerability to phishing emails.

Dun and Bradstreet Marketing Breached

Dun & Bradstreet Marketing experienced a breach to one of their databases.  The database was 52 GB, which included 33.6 million files.  According to eCommerce Times, the database belonged to NetProspex.
The information exposed is basic contact information, very similar to what you may find on a business card — individual’s name, job title and contact information.  eCommerce Times reported the primary threat with this breach is identity theft.  However, I would have to disagree.  Hackers now have over 30 million email addresses that they can use for phishing scams.  Considering 93% of all phishing attacks include ransomware, this should be the highest concern.
The breached database included contact information for individuals working in various entities, including the Department of Defense, U.S. Air Force, U.S. Army, U.S. Postal Service, CVS Health Corporation, Wells Fargo and Wal-Mart, to name a few.

Prevention

Each entity impacted by this breach is encouraged to conduct cyber security training with all of its employees.  Too often, it is believed phishing scams will be filtered to the spam folder.  This is not always the case.  Hackers are typically rather smart, and make the emails look legitimate.  They do so by editing the “from” address to someone the recipient will know.  This may be their boss, co-worker, or even a well-known business such as Amazon.
KnowBe4 offers a phishing simulation email that employers can send to their employees to see how vulnerable their company may be to such an attack.
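As an added example (not part of the original post or the quoted article), the Python sketch below shows how a mail administrator could triage a message for the forged "from" address described above, using three header signals. The `TRUSTED_SENDERS` mapping, the domains and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed (hypothetical) allow-list: display names staff trust, mapped to the
# domains allowed to send under that name. "jane doe" is a constructed boss.
TRUSTED_SENDERS = {"amazon": {"amazon.com"}, "jane doe": {"example.com"}}

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def from_header_findings(raw_message):
    """Return the reasons the From header looks forged (empty list = none)."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    findings = []
    # 1. Familiar display name on an address from an unexpected domain.
    for name, domains in TRUSTED_SENDERS.items():
        if name in display.lower() and from_dom not in domains:
            findings.append(f"display name '{display}' used with {from_dom}")
    # 2. Envelope sender (Return-Path) domain differs from the visible From.
    #    Legitimate bulk mail can trip this too, so treat it as a triage signal.
    rp_dom = domain_of(msg.get("Return-Path"))
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} != From domain {from_dom}")
    # 3. The receiving server recorded a DMARC failure for the From domain.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if "dmarc=fail" in auth:
        findings.append("DMARC failed")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Jane Doe" <jane.doe@examp1e-mail.test>\n'
    "Return-Path: <bounce@bulk-sender.test>\n"
    "Authentication-Results: mx.example.com; dmarc=fail header.from=examp1e-mail.test\n"
    "Subject: Urgent invoice\n\nPlease review.\n"
)
LEGIT = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "Return-Path: <jane.doe@example.com>\n"
    "Authentication-Results: mx.example.com; dkim=pass; dmarc=pass header.from=example.com\n"
    "Subject: Team meeting\n\nSee you at 10.\n"
)
```

A message with no findings is not proven safe; these checks only catch a forged or look-alike sender, which is why the training recommended above still matters.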
