Protecting Customer Data [Weekly Cybersecurity Brief]

In today’s world, so much of our consumerism is based on online activity. We shop, bank, and set up our services in the digital realm. But the benefits of speed and convenience come with a significant risk: having so much of our data stored in these networks exposes us to potential breaches. It is not just up to us to protect our information, however; it is also up to the organizations we trust with it. As cybercrime becomes more sophisticated, companies are increasingly left figuring out how to respond in the wake of a hack, as this week’s cybersecurity news demonstrated.

Watchfinder, the pre-owned luxury watches dealer owned by Richemont, revealed that it suffered an attack possibly impacting customer data. The company stated in an email that it had “recently discovered unauthorized access to a user account belonging to one of our employees,” and that customers should be on alert for any suspicious correspondence. While information such as email addresses and phone numbers may be at risk, it is believed at this time that sensitive details including passwords and card numbers are unaffected. According to Bloomberg, Watchfinder said that it is currently working with the authorities on the matter.

Also forced into cooperating with authorities because of a recent data breach is Optus, Australia’s second-largest wireless carrier. However, the details around this case are a bit more serious. The cyberattack is being considered “unprecedented” and has impacted personal information from 9.8 million customers. Cybersecurity Minister Clare O’Neil said that compromised data includes driver’s licenses and passport numbers. While Optus announced that it will provide “most affected” customers with free access to Equifax Protect subscriptions, which monitor credit and identity, the incident is prompting proposals for broader action. As reported by the Associated Press and shared by The Hill, Australian law does not include a penalty for an instance like this. But O’Neil assured that “A very substantial reform task is going to emerge from a breach of this scale and size.”

According to The Guardian, the reforms mentioned are likely to address how and when a company like Optus should inform financial institutions about a cyberattack. Optus or others would ideally be able to more quickly notify the proper authorities. This is especially important considering that the data stolen may have already been put up for sale. Donna Lu and Royce Kurmelovs write in their piece for The Guardian that “On Saturday a post appeared on a data market by a user claiming to possess information obtained from the breach, including the details of 11.2 million Optus customers and more than 3.6m driving license numbers.” It is understood at this point that the user was able to access such information via an unauthenticated application programming interface (API). 

As cases like these unfold across the world, shoring up customer protection will continue to be a crucial pursuit in cybersecurity.

Key Takeaways:

“Richemont’s Watchfinder Reports Customer Data Breach” – Andy Hoffman, Bloomberg
https://www.bloomberg.com/news/articles/2022-09-26/richemont-s-watchfinder-reports-customer-data-breach

  • Watchfinder, the pre-owned luxury watches dealer owned by Richemont, revealed that it suffered an attack possibly impacting customer data.
  • The company stated in an email that it had “recently discovered unauthorized access to a user account belonging to one of our employees,” and that customers should be on alert for any suspicious correspondence.
  • While information such as email addresses and phone numbers may be at risk, it is believed at this time that sensitive details including passwords and card numbers are unaffected.

“Australia mulls tougher cybersecurity laws after data breach” – Rod McGuirk, Associated Press/The Hill
https://thehill.com/homenews/ap/ap-technology/ap-australia-mulls-tougher-cybersecurity-laws-after-data-breach/

  • A recent data breach carried out on Optus, Australia’s second-largest wireless carrier, has impacted the data of 9.8 million customers.
  • Cybersecurity Minister Clare O’Neil said that compromised data includes driver’s licenses and passport numbers.
  • O’Neil stated that “A very substantial reform task is going to emerge from a breach of this scale and size.”

“Optus data breach: cybersecurity reforms expected to enable companies to rapidly inform financial institutions” – Donna Lu and Royce Kurmelovs, The Guardian
https://www.theguardian.com/business/2022/sep/25/optus-data-breach-cybersecurity-reforms-expected-to-enable-companies-to-rapidly-inform-financial-institutions

  • According to The Guardian, the reforms mentioned around the Optus incident are likely to address how and when a company should inform financial institutions about a cyberattack.
  • This is especially important considering that the data stolen may have already been put up for sale.
  • A user claimed that they were able to access sensitive customer information via an unauthenticated application programming interface (API).
