Expert Insight: Instacart Discloses Security Incident Caused By Two Contractors

Grocery delivery and pick-up service Instacart disclosed a security incident caused by two employees working for a company providing tech support services for Instacart shoppers. According to a press release published today, Instacart says the two employees “may have reviewed more shopper profiles than was necessary in their roles as support agents.”

Expert Comments

August 24, 2020
Keith Geraghty
Solutions Architect
Edgescan
You can conduct all the vetting in the world of your employees, but it is not a surefire way to protect yourself from these types of issues. What will help is good compliance standards. In technical terms, that means enforcing least privilege, keeping and reviewing logs and having the correct security awareness training for all staff. It is not clear whether any malicious intent was involved, so we are yet to find out if the action taken was on the strong side. You cannot leave the door wide open and expect that everyone will pass by and not take a peek in.
August 24, 2020
Martin Jartelius
CSO
Outpost24
Looking at countries that log these breaches with great care, we cannot see the insider breaches where individuals access data to which they have permission to do so, however, without business justification is relatively common. Cases can be seen by police, in medical care and more. The interesting part is that this is generally only detected where there are strict requirements for logging and auditing. There is no reason to suspect that police or medical care, or in this case support workers, are more inclined to such breaches, but rather that if you look for deviations, you shall find deviations. This speaks nicely in favor of a good practice of logging and auditing where the breach occurred.
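
Both comments come down to reviewing access logs for permitted access that lacks a business justification. The following is an added example, not part of either expert's comment and not Instacart's tooling: it compares a profile-view audit log against assigned support tickets. The record fields, names and the tolerance value are assumptions, and the data is constructed.

```python
from collections import defaultdict

# Constructed sample data (not from the incident). Field names are assumptions.
# A ticket assigned to an agent is treated as the business justification
# for that agent viewing that shopper's profile.
TICKETS = [
    {"ticket": "T1", "agent": "agent_a", "shopper": "S100"},
    {"ticket": "T2", "agent": "agent_a", "shopper": "S101"},
    {"ticket": "T3", "agent": "agent_b", "shopper": "S200"},
]
VIEWS = [
    {"agent": "agent_a", "shopper": "S100"},
    {"agent": "agent_a", "shopper": "S101"},
    {"agent": "agent_b", "shopper": "S200"},
    {"agent": "agent_b", "shopper": "S201"},
    {"agent": "agent_b", "shopper": "S202"},
    {"agent": "agent_b", "shopper": "S100"},  # ticket exists, but for agent_a
]


def unjustified_views(views, tickets):
    """Return {agent: sorted shoppers viewed without an assigned ticket}."""
    justified = {(t["agent"], t["shopper"]) for t in tickets}
    out = defaultdict(set)
    for v in views:
        if (v["agent"], v["shopper"]) not in justified:
            out[v["agent"]].add(v["shopper"])
    return {agent: sorted(shoppers) for agent, shoppers in out.items()}


def review_queue(views, tickets, max_unjustified=1):
    """Agents whose count of unjustified profiles exceeds the tolerance."""
    findings = unjustified_views(views, tickets)
    return sorted(a for a, s in findings.items() if len(s) > max_unjustified)


if __name__ == "__main__":
    for agent, shoppers in unjustified_views(VIEWS, TICKETS).items():
        print(agent, "viewed without a ticket:", shoppers)
    print("for review:", review_queue(VIEWS, TICKETS))
```

A check like this only works if every profile view is logged with the agent's identity, which is the logging requirement both comments stress.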