Expert Comments

Experts Reaction On Staples Data Breach

Expert(s): Security Experts
Expert(s): Security Experts

Staples has informed some customers that data relating to their orders has been accessed without permission, but dubbed the data as ‘Non-sensitive” according to researcher Troy Hunt. Cybersecurity experts reacted below.

Experts Comments

Dot Your Expert Comments
Laurence Pitt
September 16, 2020
Global Security Strategy Director
Juniper Networks

Any breach in which personal data is stolen needs to be treated as highly serious and punishable.
Many people will see this as a relief that ‘only names, email addresses, and phone numbers’ were shared – their credit cards are safe and their transactions remain a secret. However, this is not the case. These pieces of PII still have value on the black market and can be used in order to gain access to other, and perhaps more sensitive, information. The combination of ‘email address and telephone number’, for example, would be a great start for anyone attempting takeover attacks on.....Read More
Many people will see this as a relief that ‘only names, email addresses, and phone numbers’ were shared – their credit cards are safe and their transactions remain a secret. However, this is not the case. These pieces of PII still have value on the black market and can be used in order to gain access to other, and perhaps more sensitive, information. The combination of ‘email address and telephone number’, for example, would be a great start for anyone attempting takeover attacks on personal data. It’s about time that we stopped ranking personal data theft on perceived severity. Any breach in which personal data is stolen needs to be treated as highly serious and punishable. Then, maybe people will be more careful about what databases are left around for people to find.  Read Less
Chloé Messdaghi
September 15, 2020
VP of Strategy
Point3 Security

We don’t know how the breach happened but we do know that this is the exact kind of data that can be used maliciously.
For Staples to say that customer order data is non-sensitive is ridiculous. Any social engineer attacker can use that type of data for a phone phishing campaign like this: ‘When you bought (name of purchased product) under xxxxxxxxxxxx confirmation number, we seem to have overcharged you. Can you please provide your full details of the credit card on file with the xxxx last four digits, so I can get that refund for you?’ We don’t know how the breach happened but we do know that this is.....Read More
For Staples to say that customer order data is non-sensitive is ridiculous. Any social engineer attacker can use that type of data for a phone phishing campaign like this: ‘When you bought (name of purchased product) under xxxxxxxxxxxx confirmation number, we seem to have overcharged you. Can you please provide your full details of the credit card on file with the xxxx last four digits, so I can get that refund for you?’ We don’t know how the breach happened but we do know that this is the exact kind of data that can be used maliciously.  Read Less
Saryu Nayyar
September 15, 2020
CEO
Gurucul

In this day and age, there is very little information that can't be leveraged in some way for nefarious purposes.
While the Staples breach appears to be "low impact" in that no sensitive customer information was released, even supposedly non-sensitive information can be leveraged by a savvy attacker. Knowing what a person or business has ordered, and when, can be just the hook an threat actor needs to formulate an effective phishing email or other social engineering attack. In this day and age, there is very little information that can't be leveraged in some way for nefarious purposes.

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Hackers Steal Wealth of Data from Game Giant EA

Researchers Create Un-hackable Quantum Network, Expert Weighs In

Italian Government Announces National Cybersecurity Agency

JBS Pays $11 Million Dollars in Cyber Ransom

Malware Stole 1.2TB Private Data From 3 Mil PCs

Experts React: RockYou2021, Largest Password Leak

Colonial Pipeline CEO Grilled by Senate but Experts Think Different

Experts Inisght On Security Threats Of VPN And What Organisations...

Kent School’s Suffer Cyberattack With Systems Offline And Data Stolen

NY City Law Dept Computer Systems Hacked & Shut Down...

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy