Big Basket, India’s leading online food and grocery store, fell victim to a data breach that exposed the data of 20 million customers. Cybersecurity experts comment below as part of our expert comment series.
It is worrying to see another large data breach like this one take place. Organisations must start taking cybersecurity seriously or risk falling victim to a cybersecurity attack themselves. If a customer trusts you with their personal data, you owe it to them to keep that data safe. This breach is particularly worrying because it appears that customers’ payment details were available to hackers and these details can be used for a range of nefarious purposes. Most simply, these details can be sold for financial gain on the dark web, with the prospective buyer able to use the data to impersonate a victim or lead them to a different domain.
With the festive season around the corner, and Black Friday just weeks away, there is likely to be a significant increase in buyers utilising online retail sites as COVID-19 lockdown measures are reinstated. With more people using online retailers and sharing personal and financial data with them, the aperture for spoofed and malicious sites increases as entities seek to exploit wider vulnerabilities. Throughout the month of October, we found that the retail & wholesale sector has been the top targeted sector. This is highly likely to remain a target due to the strong financial motivation of criminals, increased eCommerce activity likely due to renewed lockdown measures, the potential for data and/or credential exfiltration, as well as third-party compromise if an attack is successful.
Retailers must ensure this data is protected or face serious reputational damage, which is sometimes too difficult to repair. Businesses also need to be wary of their employees shopping online using their professional devices and putting company data at risk. Recent Mimecast research found that 35% of workers are using their corporate devices for online shopping. The best way to overcome this is with awareness training, designed to promote better cyber-hygiene and best practice.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.