The Home Chef Data Breach Affected 8 Million Customers

On May 20, 2020, customers of Home Chef got the unpleasant news that 8 million of their data records had been breached. The stolen information included names, email addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords. Other information, including mailing addresses and frequency of delivery, “may also have been compromised.”

The announcement came about two weeks after Home Chef learned of the breach. This is within a generally accepted time frame; the company’s first priority is to verify what happened and prevent further damage. What’s disturbing is that Home Chef learned of the breach only by discovering that its data was being offered for sale.

How Home Chef learned of the breach

An online criminal gang calling itself Shiny Hunters had announced that it was offering databases from eleven companies, Home Chef among them. In early May they offered 8 million records for $2,500. No details were publicly available on how the breach occurred, but Shiny Hunters apparently gained direct access to Home Chef’s customer database. The largest set of records the gang claimed to have was 91 million from Tokopedia, a major Indonesian online store. This number hasn’t been confirmed; the low-end estimate is 15 million.

The price might have been higher, except Home Chef did some things right. It didn’t store full credit card numbers, and it encrypted all the passwords in its database. Stolen information could make it easier to match credit card numbers with people or to crack passwords, but the breach didn’t outright expose that sensitive information. Even so, Home Chef is advising its customers to change their passwords.

What businesses and customers should do

The breach offers lessons to businesses and customers. Businesses need to remember the importance of network monitoring. If the security incident had been caught earlier, the thieves might have been stopped before they could steal the data. In the worst case, Home Chef would have known about the breach more quickly and started remedial action sooner. The process of acquiring the 8 million records could have taken weeks. Grabbing and exfiltrating that many records all at once could trigger alarms, so thieves prefer to acquire them slowly.
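The slow-acquisition point above, as an added detection sketch that is not part of the original article: a per-query size alarm misses an account that pulls small batches steadily, while a cumulative rolling-window total catches it. The log format, account names, and both thresholds are assumptions made up for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed audit lines in an assumed format: 'timestamp,account,rows_returned'."""
    start = datetime(2020, 4, 1)
    lines = []
    for hour in range(48):
        ts = (start + timedelta(hours=hour)).isoformat()
        lines.append(f"{ts},web_app,50")        # ordinary application traffic
        lines.append(f"{ts},svc_legacy,9000")   # small, steady pulls every hour
    big = (start + timedelta(hours=30, minutes=5)).isoformat()
    lines.append(f"{big},analyst,120000")       # one large query
    return sorted(lines)

def parse(lines):
    events = []
    for line in lines:
        ts, account, rows = line.strip().split(",")
        events.append((datetime.fromisoformat(ts), account, int(rows)))
    return events

def burst_alerts(events, per_query_limit=100_000):
    """Accounts with any single query above the limit (assumed threshold)."""
    return {acct for _, acct, rows in events if rows > per_query_limit}

def slow_drip_alerts(events, window=timedelta(hours=24), window_limit=150_000):
    """First time each account's rolling-window row total exceeds the limit."""
    recent = defaultdict(deque)   # account -> (time, rows) still inside the window
    totals = defaultdict(int)     # account -> rows summed over the window
    first_alert = {}
    for ts, acct, rows in sorted(events):
        q = recent[acct]
        q.append((ts, rows))
        totals[acct] += rows
        while q[0][0] <= ts - window:          # expire entries older than the window
            _, old_rows = q.popleft()
            totals[acct] -= old_rows
        if totals[acct] > window_limit and acct not in first_alert:
            first_alert[acct] = ts
    return first_alert

if __name__ == "__main__":
    evts = parse(build_sample_log())
    print("per-query alarm:", burst_alerts(evts))
    print("rolling-window alarm:", slow_drip_alerts(evts))
```

In the constructed data the steady account never trips the per-query alarm, yet its 24-hour total crosses the limit on the first day.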

These events show why businesses should never store unencrypted sensitive information in their databases. Home Chef protected itself and its customers from a worse disaster by following this principle.

On the customer side, the breach shows the need for strong passwords. Depending on the details, thieves may be able to test long lists of passwords against the encrypted ones and discover the ones that match. A long and complex password is more resistant to this kind of cracking. When they learn of a breach, users should change their passwords immediately.

Home Chef warned customers to be wary of scams. Fraud operators can better target their phone calls and spam by knowing that a phone number or email address belongs to a customer. The company has reminded its customers that it will never ask for sensitive information by email. People getting phone calls claiming to be from Home Chef should likewise be wary of any odd requests.

Costs

Data security is a constant challenge. A typical data breach costs millions of dollars in downtime, reporting, mitigation, and liability. Businesses need to maintain a multilayered defense. It has to include not just technical protection but cybersecurity awareness training so that employees don’t give away authentication information or let malware get into their systems. System monitoring is important so that IT people can catch security incidents when they happen and not after massive data loss. Investing in data protection pays for itself by safeguarding a business’s operations and reputation.

Bluwater’s network and system security services will reduce your company’s chances of suffering an expensive data breach.

Contact us to learn how we can help.

Mobile Security Threatens Company Data

According to CIO magazine, a Gartner analyst two years ago pointed to the “growing shortage of cybersecurity resources” and how those impending threats to company data continue to grow:

“Companies are worse off by 100% (with cybersecurity) compared to 10 years ago because the world is more complicated now…Companies have definitely raised the cybersecurity bar, but criminals can keep going higher than the bar.”

BYOD brings security risks to company data

Unfortunately, employees unwittingly connect to Wi-Fi hotspots that are traditionally not safe, from coffee shops and restaurants to airports and hotels. Instead, device users should connect through a virtual private network (VPN), one of the many services an experienced MSP can offer. 

Gartner’s prediction is a clarion call for businesses with remote, cloud operations to address these ‘new’ security risks, particularly with the incorporation of mobile devices (BYOD) in the workplace.

“When employees connect to public WiFi without using a VPN app, they put their company’s data at risk,” notes the head of Avast Software’s mobile division.

Global survey: More than half of SMBs use in-office/remote employees

A global survey of IT pros found that “fifty-eight percent of SMBs now have a mix of in-office and remote employees.” What’s more, those employees are working 2 to 3 days a week from home.

That is even more reason for SMBs to consider using a managed service provider (MSP) for mobile-device management. MSPs utilize a set of protocols and platforms to mitigate risks associated with the proliferation of BYODs.

In addition, a seasoned pro, like Bluwater, can manage a company’s firewall, antivirus, and application upgrades/updates—and even conduct a vulnerability assessment of a company’s on-premise networks.

Contact us today. We can help you implement a BYOD strategy that fits your needs. Companies rely on us to provide them with the security and scalability to make them successful now and in the future.

The Pitfalls of Asking Just Anyone for IT Advice

Would you trust a neighbor to fix your car instead of bringing it to a certified mechanic? What about a friend to splint a broken leg rather than taking a trip to your doctor? We all “know a guy who knows a guy,” but when it comes to protecting critical data and technology systems, it’s best to leave the IT advice to the pros.

Consider our Top 3 Excuses and Top 3 Reasons to Stick with Managed IT Services.

Short-Term Costs vs. Long-Term Productivity

“But it’s cheaper!” 

It’s no coincidence that many businesses have turned to investing in high-quality data storage, cutting-edge virus protection, and worry-free compliance services. Emerging technology helps companies succeed. Communication management systems — or CMS — are designed to streamline interdepartmental processes and better manage client data. However, many businesses underutilize the technology available to them.

This is where local IT consultants come to the rescue. Technology professionals can identify areas where system processes aren’t operating with maximum efficiency and offer IT advice to maximize outputs. This ultimately generates greater, lasting revenue and happy clients. 

Security Done Right

“All IT services are the same anyway.”

Not all IT services are created equal. In 2018, TechRepublic reported that a whopping 40% of security breaches were caused by employee error and negligence. When it comes to securing confidential and sensitive data, hosted technology services provide knowledgeable management and guidance as well as company-wide training. Reducing the potential liability a data breach can cause allows you and your employees to sleep a little easier at night.

DIY Fails

“I could do this myself.”

Don’t let yourself, or your company, be fooled by these famous last words! While we love the spirit of innovation and willingness to learn, technology is not the best place for DIY solutions. Furthermore, leaving the tech to a trusted professional ensures the job will be done right the first time.

From network support to upgrading your office space, Bluwater Technologies has you covered! Contact our IT superheroes to get started on a managed tech service that’s right for your Fort Lauderdale business.

Data Replication vs. Data Backup – Understanding the Difference

Until recently, the most cost-efficient data restoration mechanism available for SMBs was simply to ensure they maintained regular data backups. This was not necessarily ideal, since any restored data came from a previous point in time, and the restoration process to recover data was potentially quite lengthy. This meant a business could be down perhaps even for several days, and any data that was recovered was even older. In this post, we will point out the differences between data backups and data replication and how data replication can now outperform traditional data backups in key areas.

Data Backups 

A traditional data backup is essentially a complete snapshot of a company’s data at one given point in time. While there certainly is value in maintaining a regular complete copy of all corporate data, traditional data backups have some less-than-ideal aspects. More and more businesses rely on their data to run efficiently. Thus, even losing a few hours’ worth of data can be quite catastrophic, which makes the less-than-ideal aspects of traditional backups even more glaring.

In the past, the best a small or medium-sized company could hope for in the event of data loss was to restore their last backup. After the restoration process, they relied on manual re-entry of their business data to bring them to the point just prior to the system failure. This entire process was time-consuming and prone to error.

Data Replication

Up until fairly recently, maintaining a near-mirror replication of company data in a remote location was affordable only for enterprise-level organizations. Now, with cloud-based replication, the cost of maintaining a cloud-based, real-time copy of all corporate data is becoming realistically affordable for even smaller businesses. With cloud-based replication, in the event of a system failure, even small companies can have a fresh, up-to-date copy of corporate data available to them within minutes.

If you would like to know more about real-time data replication, please contact us.

Develop a Data Loss Prevention Strategy

Every business needs to think about the risk of data loss. Even the smallest ones have customer and financial information that has to stay out of the wrong hands. Many have records that could lead to identity theft if they’re stolen. A business needs a plan and a policy for data loss prevention. It has to include these steps:

Perform risk analysis for data loss prevention

Some information is especially sensitive, and managers have to concentrate their efforts on protecting it. A risk analysis will identify the information that most needs protection. It will identify areas that are vulnerable, such as unencrypted databases with weak access control. A prioritized list of assets at risk will provide the basis for a strategy.

Identify data movements

The biggest risks come when data is carelessly moved from one place to another. Weakly protected intermediate storage provides thieves with a prime opportunity. Moving unencrypted data over the Internet leaves it open to interception. If the information isn’t wiped clean after transferring, those intermediate points create a lingering risk. Transfer of sensitive data should always use a secure channel.

Grant access conservatively

Grant access to data only to those who need it. Even if you are completely trustworthy, someone can compromise your account. The less an intruder can do with any given account, the more limited the damage will be. Role-based access tailors privileges to people’s jobs.

Train employees on loss prevention

Most data loss is due, at least in part, to employee error. Creating weak passwords, responding to a phishing scam, and saving insecure copies of data are just some of the mistakes that can lead to serious data breaches. Employees need to develop habits of treating their accounts and the data they handle carefully.

Get expert help

Bluwater Technologies provides managed IT services that will help you keep your data safe. Our experts will help you identify the sources of risk in your network and find the best ways to prevent data loss. Contact us to learn how we can help your business.