The United States Postal Service has recently opened up about a security vulnerability which went unfixed for a full year. The data breach, which exposed the data of 60 million users has been tied to an authentication weakness in the mail carrier’s API which allowed cyber criminals free access from within USPS.com. Concerns linger as authorities evaluate the extent of the damage done over the past year and the ramifications going forward.
A recent study by global risk management group, Opus, revealed that 59 percent of companies surveyed have experienced a data breach sourcing from a vendor or third party partner. Published in the third annual Ponemon Institute’s “Data Risk in the Third-Party Ecosystem”, the risk management group’s numbers reflected at 5 percent increase year-over-year and a 12 percent increase since 2016 for data breaches of this nature in the United States. Analysis of the data cites multiple possible causes leading to data breaches, including complex integrations than span multiple platforms, lack of central internal controls, and lack of vendor management. To this point, 69 percent of respondents admitted that they lack the personnel to oversee the numerous third-party vendor, with only 34 percent maintaining a comprehensive inventory of vendor partners and 37 percent believing they have adequate resources to stay ahead of the curve.
The 2018 holiday season is here and the Grinch is up to his tricks again. This year data breach season starts with the biggest target of all – Amazon. With massive sales expected on Black Friday and Cyber Monday, the giant e-commerce site was a highly probably target of cyber crime. Early reports on the breach from The Guardian indicate that the breach occurred the day before Thanksgiving and compromised customers names and email address. Thus far the company has revealed little information on how the breach occurred, but it is not a great start to the shopping season for Amazon.