New York-based debt collection company Retrieval-Masters Creditors Bureau, Inc. has filed for bankruptcy due to a massive data breach.
Following the leak, the legal obligation on the company to notify the 7 million affected by the data breach cost it $3.8 million. Another $400 000 was also spent on external IT consultants to determine the extent of the damage.
3 independent IT firms determined that the compromise had occurred as early as August of 2018. However they could not determine the magnitude of the damage, forcing countermeasures to assume that all company data was compromised.
Russell Fuchs, founder and CEO of the firm, stated that the company keeps highly personal information of its clients due to its work of collecting bills for clinical labs. Therefore, information that was stored and leaked by their servers included the names, home addresses, SSNs, credit card and bank account information, birth dates, and personal medical information of its clients.
The breach was discovered March of this year when the company received an alarming amount of credit card activity on its web portal. Following the discovery, Retrieval-Masters Creditors Bureau immediately shut down its web access to mitigate the damages. The company had shifted to storing its data on the web in 2015 due to market pressure for increased connectivity and client convenience.
This event illustrates the immediacy of cyberthreat to companies that store sensitive information. As demonstrated, a compromise can remain undetected for months, and a single attack could lead to devastating financial and legal consequences.
How can you stay protected?
Here are some best practices to help you protect your sensitive data from cyberattack:
Update your Operating System:
With the end of security support to Windows 7 coming soon, it is absolutely essential for any company running Windows 7 to upgrade to Windows 10. Remaining on an unsupported O.S. instantly makes you vulnerable to backdoor exploits, ransomware attacks, data theft, and more. GIGE IT Solutions can help make your transition as smooth and affordable as possible. Learn more about the Windows 7 End of Life here
Network Segmentation:
Network segmentation is the security practice of “splitting” your company’s network into disconnected sections. If a cyberattacker is able to gain access to one section, they will be unable to infect your entire network. This is particularly effective against viruses with the worm capability, which allows it to spread from one device to the next without any input from the victim.
Multifactor Authentication:
Many cyberattacks are now automated. Brute-force hacks gain access to your accounts by ‘guessing’ your credentials through trial-and-error. This can be prevented by activating multifactor authentication, which requires a second ‘temporary’ password to be input every time you log in from an unfamiliar device. This password is sent to a second destination such as a phone or a secondary email, preventing an attacker to easily hack into your account with only the username and password.
Don’t fall victim to cyberattack. Managed IT service providers such as GIGE IT Solutions help keep your company safe by maintaining healthy backup protocols, monitoring your systems 24/7 and designing customized security solutions. Call us at +1 888 366 4443 for an immediate consult.