It has been reported that Thinkful, an online education site for developers, has confirmed a data breach, just days after it confirmed it would be acquired. The email to users said that although the company said it’s seen “no evidence” of any unauthorised access to user’s account data, it did not rule out any improper access to user data.

Subscribe
Notify of
guest

2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Erich Kron
Erich Kron , Security Awareness Advocate
InfoSec Expert
September 24, 2019 3:06 pm

This incident highlights the importance of due diligence during mergers and acquisitions in modern time. I’m hopeful that Thinkful would have disclosed the information if they were aware of it, and I would also hope that Chegg, given their recent experience with a breach, would have this addressed contractually.

Obviously, the reputational damage and cost of dealing with the breach can have a significant impact on valuation or could kill the deal altogether. This is why it is so important to take cybersecurity seriously, especially if you’re considering an acquisition or looking to be acquired.

In many cases, security incidents like this, where credentials are misused, are due to someone giving them up in a phishing attack. That\’s why you want to ensure your users are well trained to spot and report them.

Last edited 3 years ago by Erich Kron
Travis Biehn
Travis Biehn , Technical Strategist
InfoSec Expert
September 20, 2019 12:32 pm

Compromising small startups in the weeks and months following an acquisition can lead to huge payoffs for attackers, as they gain footholds in soft targets before they\’re able to adopt to possibly stronger security postures from acquiring companies. That\’s just one reason why it\’s important to get handle on a company\’s full security posture before making an acquisition decision.

Last edited 3 years ago by Travis Biehn
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x