The Home Chef Data Breach Affected 8 Million Customers

Auto Draft

On May 20, 2020, customers of Home Chef got the unpleasant news that 8 million of their data records had been breached. The stolen information included names, email addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords. Other information, including mailing addresses and frequency of delivery, “may also have been compromised.”

The announcement came about two weeks after Home Chef learned of the breach. This is within the generally accepted time frame; a company’s first priority is to verify what happened and prevent further damage. What’s disturbing is that Home Chef learned of the breach only by discovering that its data was being offered for sale.

How Home Chef learned of the breach

An online criminal gang calling itself Shiny Hunters had announced that it was offering databases from eleven companies, Home Chef among them. In early May they offered the 8 million records for $2,500. No details are publicly available on how the breach occurred, but Shiny Hunters apparently got direct access to Home Chef’s customer database. The largest set of records the gang claimed to have was 91 million from Tokopedia, a major Indonesian online store. This number hasn’t been confirmed; the low-end estimate is 15 million.

The price might have been higher, except that Home Chef did some things right. It didn’t store full credit card numbers, and it encrypted all the passwords in its database. The stolen information could make it easier to match credit card numbers with people or to crack passwords, but the breach didn’t outright expose that sensitive information. Even so, Home Chef is advising its customers to change their passwords.

What businesses and customers should do

The breach offers lessons to businesses and customers. Businesses need to remember the importance of network monitoring. If the security incident had been caught earlier, the thieves might have been stopped before they could steal the data. In the worst case, Home Chef would have known about the breach more quickly and started remedial action sooner. The process of acquiring the 8 million records could have taken weeks. Grabbing and exfiltrating that many records all at once could trigger alarms, so thieves prefer to acquire them slowly.

The events show why businesses should never store unencrypted sensitive information in their databases. Home Chef protected itself and its customers from a worse disaster by following this principle.

On the customer side, the breach shows the need for strong passwords. Depending on the details, thieves may be able to test long lists of passwords against the encrypted ones and discover the ones that match. A long and complex password is more resistant to this kind of cracking. When they learn of a breach, users should change their passwords immediately.

Home Chef warned customers to be wary of scams. Fraud operators can better target their phone calls and spam by knowing that a phone number or email address belongs to a customer. The company has reminded its customers that it will never ask for sensitive information by email. People getting phone calls claiming to be from Home Chef should likewise be wary of any odd requests.

Data security is a constant challenge. A typical data breach costs millions of dollars in downtime, reporting, mitigation, and liability. Businesses need to maintain a multilayered defense. It has to include not just technical protection but cybersecurity awareness training, so that employees don’t give away authentication information or let malware get into their systems. System monitoring is important, so that IT people can catch security incidents when they happen and not after massive data loss. Investing in data protection pays for itself by safeguarding a business’s operations and reputation.

Investing in data protection pays for itself by safeguarding a business’s operations and reputation. Bluwater’s network and system security services will reduce your company’s chances of suffering an expensive data breach.

Contact us to learn how we can help.

Mobile Security Threatens Company Data

Mobile Security Threatens Company Data

According to CIO magazine, a Gartner analyst two years ago pointed to the “growing shortage of cybersecurity resources” and how those impending threats to company networks continue to grow:

“Companies are worse off by 100% (with cybersecurity) compared to 10 years ago because the world is more complicated now…Companies have definitely raised the cybersecurity bar, but criminals can keep going higher than the bar.”

BYOD brings security risks to company data

Unfortunately, employees unwittingly connect to Wi-Fi hotspots that are traditionally not safe, from coffee shops and restaurants to airports and hotels. Instead, device users should connect through a virtual private network (VPN), one of the many services an experienced MSP can offer. 

Gartner’s prediction provides that clarion call for businesses with remote, cloud operations to address these ‘new’ security risks, particularly with the incorporation of mobile devices (BYOD) in the workplace.

“When employees connect to public WiFi without using a VPN app, they put their company’s data at risk,” notes the head of Avast Software’s mobile division.

Global survey: More than half of SMBs use in-office/remote employees

 A global survey of IT pros found that “fifty-eight percent of SMBs now have a mix of in-office and remote employees.” What’s more, those employees are working 2 to 3 days a week from home.

Even more reason for SMBs to consider using a management service provider ( MSP) for mobile-device management. MSPs utilize a set of protocols and platforms to mitigate risk associated with the proliferation of BYODs.

In addition, a seasoned-pro, like BluWater, can manage a company’s firewall, antivirus and application upgrades/updates—and even conduct a vulnerability assessment of a company’s, on-premise networks.  

Contact us today. We can help you implement a  BYOD strategy that fits your needs. Companies rely on us to provide them with the security and scalability to make them successful now and into the future. 

The Pitfalls of Asking Just Anyone for IT Advice

The Pitfalls of Asking Just Anyone for IT Advice

Would you trust a neighbor to fix your car instead of bringing it to a certified mechanic? What about a friend to splint a broken leg rather than taking a trip to your doctor? We all have “know a guy, who knows a guy,” but when it comes to protecting critical data and technology systems it’s best to leave the IT work to the pros. 

Consider our Top 3 Excuses and Top 3 Reasons To Stick with Managed It Services.

Short Term Costs vs. Long Term Productivity

“But it’s cheaper!” 

It’s no coincidence that many businesses have turned to investing in high quality data storage, cutting edge virus protection, and worry free compliance services. Emerging technology helps companies succeed. Communication management systems — or CMS — are designed to streamline interdepartmental processes and better manage client data. Many businesses under utilize the technology available to them.

This is where local IT consultants come to the rescue. A technology professional can identify areas where system processes aren’t operating with maximum efficiency and offer solutions to maximize outputs. This ultimately generates greater, lasting revenue and happy clients. 

Security Done Right

“All IT services are the same anyway.”

Not all IT services are created equal. In 2018, Tech Republic reported that a whopping 40% of security breaches were caused by employee error and negligence. When it comes to securing confidential information and sensitive data, hosted technology services provide knowledgeable management and guidance as well as company wide training. Reducing the potential liability a data breach can cause allows you and your employees to sleep a little easier at night.

DIY Fails

“I could do this myself.”

Don’t let yourself, or your company, be fooled by these famous last words! While we love the spirit of innovation and willingness to learn, technology is not the best place to DIY solutions. Leaving the tech to a trusted professional ensures the job will be done right the first time.

From network support to upgrading your office space, Bluwater Technologies has you covered! Contact our IT superheroes to get started on a managed tech service that’s right for your Fort Lauderdale business.