Expert Insight: Instacart Discloses Security Incident Caused By Two Contractors

By   ISBuzz Team
Writer , Information Security Buzz | Aug 24, 2020 07:11 am PST

Grocery delivery and pick-up service Instacart disclosed a security incident caused by two employees working for a company providing tech support services for Instacart shoppers. According to a press release published today, Instacart says the two employees “may have reviewed more shopper profiles than was necessary in their roles as support agents.

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Keith Geraghty
Keith Geraghty , Solutions Architect
August 24, 2020 3:15 pm

You can conduct all the vetting in the world of your employees, but it is not a sure fire way to protect yourself from these type of issues. What will help is good compliance standards. In technical terms, that means enforcing least privilege, keeping and reviewing logs and having the correct security awareness training to all staff. It is not clear from whether any malicious intent was involved, so we are yet to find out if the action taken was on the strong side. You cannot leave the door the wide open and expect that everyone will pass by and not take a peek in.

Last edited 3 years ago by Keith Geraghty
Martin Jartelius
August 24, 2020 3:13 pm

Looking at countries that log these breaches with great care, we cannot see the insider breaches where individuals access data to which they have permission to do so, however, without business justification is relatively common. Cases can be seen by police, in medical care and more. The interesting part is that this is generally only detected where there are strict requirements for logging and auditing, there is no reason to suspect that police or medical care, or in this case support workers, are more inclined to such breaches, but rather that if you look for deviations, you shall find deviations. This speaks nicely in favor of a good practice of logging and auditing where the breach occurred.

Last edited 3 years ago by Martin Jartelius

Recent Posts

Would love your thoughts, please comment.x