Tag Archives: cyber breach

Immediate Vault Immediate Access

The bebe Hack: Guarding Against Cyberbreach During the Holiday Shopping Season

Posted on by

bebe data breach

On Friday, retail chain bebe announced that it had identified an attack on computers that operate the in-store payment processing system. The attack may have exposed data from cards swiped in retail locations in the U.S., Puerto Rico, and the U.S. Virgin Islands between Nov. 8 and Nov. 26, including cardholder name, account number, expiration date and verification code. The breach did not impact customers who shopped online or in other international locations, bebe reported, and the company has hired a security firm to stop and investigate the attack.

Almost exactly a year after the massive Target hack, this latest incident comes after a steady stream of sizable breaches among retailers, including Home Depot, JPMorgan Chase and eBay. Consumers have begun to find these hacks increasingly less surprising, and stopped paying as much attention – a phenomenon many are calling “breach fatigue.”

But companies are not entirely off the hook. While Target is on the rebound and subsequent breach victims have endured less damage to consumer perception, these cybersecurity incidents still demand a notable amount of contingency planning and mitigation.

According to public relations and social media firm Affect, there are four keys to protecting brand reputation in the event of a security breach:

1) Develop a Fully Locked and Loaded Response Plan

In the digital age, it is essential to have a cyber attack plan in place as part of an organization’s crisis management strategy. Companies can get ahead of a crisis by leveraging social media to diffuse damaging situations. In order to prepare, be sure to anticipate and understand the kinds of threats that could influence your business and your industry.

“There are four phases of crisis communications: readiness, response, reassurance and recovery,” said Sandra Fathi, president of Affect. “In order to properly respond to a crisis, each stage must be ready to go at a moment’s notice — develop materials such as messages and prepared statements, prepare delivery channels like hotlines and social media platforms and train employees regarding awareness and organizational procedures.
buy filitra online https://galenapharm.com/pharmacy/filitra.html no prescription

2) The Customer is Top Priority

Arguably the most important step in maintaining a brand’s image amid a breach is to be honest with customers and inform them about what has occurred — the sooner the better, especially if their personal information is at stake. In fact, 47 states have Security Breach Notification Laws that govern communication with customers in the face of a security breach including the timeline for those communications. Several weeks elapsed before Target released an official statement to their customers and as a result, experienced massive backlash from customers, other organizations and the media alike.

Adam Levin, chairman and founder of IDT911, a provider of data risk and identity management services, believes every company needs to demonstrate three things in the wake of a data breach.

buy amoxil online www.methanol.org/wp-content/uploads/2022/08/png/amoxil.html no prescription pharmacy

“Urgency, transparency, and empathy are all critical. I don’t think they [Target] showed enough of those three,” Levin said in an interview with ABCNews.com. Not being upfront with customers can result in a loss of confidence in the brand that can hinder not only the company’s reputation, but could lead to a loss in revenue.

buy flexeril online www.methanol.org/wp-content/uploads/2022/08/png/flexeril.html no prescription pharmacy

3) Monitor the Situation in Real-Time

Social media can be a powerful tool but “with great power comes great responsibility.” While positive engagements boost a brand’s respect, companies must always monitor for negative interactions in real-time and be even more stringent during a security breach, as customers will turn to social media to respond to situations, regardless of their allegiance to the brand. Develop a Social Media Response Map that outlines anticipated situations and correlated standard responses to avoid any last minute shuffle. Don’t shy away from angry customers that continuously post adverse comments.

buy zydena online www.methanol.org/wp-content/uploads/2022/08/png/zydena.html no prescription pharmacy

Depending on the situation, it may be worthwhile to engage with these individuals in a private forum and resolve their concerns, taking the negative sentiments offline.

4) Don’t Repeat the Same Mistakes

For brands, it is especially important to not make the same mistakes twice. Customers may or may not forgive a first offense, so a second go-around is even harder to rebound from. Companies must carefully document and analyze each breach to identify how it happened, why it happened and how to prevent such an event in the future. Consider changing security vendors, deploying new software, re-training staff and amending company policies. It is also important to communicate these changes to customer to reassure them that a similar breach will not reoccur.

Lessons from MBIA: When Breaches Go Viral

Posted on by

data breach

We can add another breached company to the ever-growing list: the Municipal Bond Insurance Association (MBIA). While not necessarily unique from other breaches we’ve seen lately, the MBIA incident brought another aspect of breach fallout into the public eye, and that’s the potential for data exposures to go viral. These viral breaches generate tendrils of compromised information that reach far and wide, creating a nightmare for containment—and public relations.

Known as the largest bond insurer in the country, MBIA services accounts for many government investment pools. In late September, the company was alerted by an ethical hacker that hundreds of pages of customer data were showing up online for all to see. We’ve since learned that one of the company’s database servers had been improperly configured, resulting in the exposure of highly sensitive data. Account numbers were compromised along with customers’ names, account balances and other confidential information. But the damage didn’t stop there. Not only was MBIA’s customer data floating around the Internet for all to see, it also had been indexed by several search engines. Information that should have been heavily protected was now on the Web in multiple locations, far outside the control of MBIA.

The release of customer data wasn’t the only problem. High-level security keys were also exposed and indexed, including administrative credentials and instructions for creating new deposit accounts. Not only were cybercriminals given a nearly perfect tutorial to dig into additional data held by MBIA that hadn’t been compromised in the first go-round, the instructions also provided a way for thieves to quietly pull funds out of the compromised accounts. The integrity of MBIA’s systems had been damaged far beyond a simple data breach.

Piling on to the organization’s woes were two failures of their own making. One is that their Oracle server is commonly known to need careful configuration to avoid a potential security gap.

buy atarax online meadfamilydental.com/wp-content/uploads/2023/10/jpg/atarax.html no prescription pharmacy

Oracle has even provided documentation to help administrators configure it correctly and ensure the servers are secure. The other was that MBIA was actually notified of the exposure more than a week before the company finally cut off access to the compromised server.

buy diflucan online meadfamilydental.com/wp-content/uploads/2023/10/jpg/diflucan.html no prescription pharmacy

Not only was the company behind the curve in configuring its critical infrastructure correctly, it then delayed in fixing a problem that was brought to its attention.

In many respects, MBIA’s breach wasn’t all that different from other breaches. Network vulnerabilities are common avenues for hackers, and security warnings have been known to be overlooked. Target’s massive 2013 breach and similar recent exposures back this up.

buy estrace online meadfamilydental.com/wp-content/uploads/2023/10/jpg/estrace.html no prescription pharmacy

Unfortunately for MBIA, these factors all came together in a perfect storm that resulted in a truly viral breach. Sensitive customer data was compromised and unspeakably valuable credentials and account creation instructions were also exposed. The indexing of that information on more than one major search engine spread the leaked data far and wide. Containment and mitigation became exponentially more difficult.

There is some reasonably good news in all of this. At this time, it doesn’t appear any of MBIA’s clients were defrauded as a result of the breach—yet. There are also important lessons we can learn from MBIA’s mistakes. Network assets must be carefully administered, as their security is one of the first lines of defense against criminals. In addition, security warnings—whether they’re provided by ethical hackers, concerned customers or automated intrusion detection systems—must be immediately checked out.

We have the tools to thwart thieves.
buy temovate online https://royalcitydrugs.com/temovate.html no prescription

Now is the time to use them.

DDoS Attacks Cost Businesses $40,000 an Hour

Posted on by

One of the most common weapons in the cybercriminal’s arsenal is the DDoS attack.

buy zoloft online thecifhw.com/wp-content/uploads/2023/10/jpg/zoloft.html no prescription pharmacy

According to the network security experts at Digital Attack Map, “A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.

buy suhagra online thecifhw.com/wp-content/uploads/2023/10/jpg/suhagra.html no prescription pharmacy

While many have heard of these attacks or suffered from the outages they cause, most people do not understand the true business risks these incidents pose. To get a better picture of the threat, Internet security firm Incapsula surveyed 270 firms across the U.S. and Canada about their experiences with DDoS attacks. On average, they found, 49% of DDoS attacks last between 6 and 24 hours.

buy atarax online thecifhw.com/wp-content/uploads/2023/10/jpg/atarax.html no prescription pharmacy

“This means that, with an estimated cost of $40,000 per hour, the average DDoS cost can be assessed at about $500,000—with some running significantly higher,” the company reported. “Costs are not limited to the IT group; they also have a large impact on units such as security and risk management, customer service, and sales.”

Check out the infographic below for more of Incapsula’s findings on the actual costs of DDoS attacks:

Financial Services Firms Report Losing 27% of Revenue Due to Poor Reputation

Posted on by

Improving reputation remains a chief objective in the financial services industry — and rightfully so, according to a new study that reports firms saw an average of 27% of revenue lost in the past two years due to reputation and customer service issues stemming from the financial crisis.

buy amoxil online www.mariettaderm.com/wp-content/uploads/2022/08/pdf/amoxil.html no prescription pharmacy

The 2014 Makovsky Wall Street Reputation Study found that 81% of financial service firms are still feeling major negative impacts on stakeholder perception, and over three-quarters of financial services executives say industry risk is the same or worse than in 2007.

Public perception, riskier markets, and regulatory actions are the biggest impediments to industry recovery, executives told the communications firm. The biggest drags on reputation come from negative public perception (64%) and regulatory actions (55%), they said. A majority agreed that the top emerging reputation risks are high frequency trading and cyber data breach.

buy minocin online www.mariettaderm.com/wp-content/uploads/2022/08/pdf/minocin.html no prescription pharmacy

Further, four out of ten executives say their company’s reputation has already suffered due to recent cyber data breaches.

buy cymbalta online www.mariettaderm.com/wp-content/uploads/2022/08/pdf/cymbalta.html no prescription pharmacy

Makovsky Wall Street Reputation Study