Another week, another data breach. In the last two weeks, news broke that both Adidas and Macy’s suffered data breaches.
In a letter leaked to DataBreaches.net, Macy’s wrote to affected customers that “the attacker used valid user credentials (usernames and passwords) to login to some online profiles … we believe valid login credentials were stolen from another company and/or sourced from the dark web.”
Adidas came clean to its customers about its data breach, and although details at this time are scarce, what is known is that “an unauthorized party” breached Adidas’ server, managing to steal the contact details, usernames, and encrypted passwords of “a few million consumers.”
Back in February, I believe we said it best. “Sometimes it feels like we are living in the cybersecurity version of the movie Groundhog Day. Day after day, week after week, we hear about data breaches that have exposed sensitive, personal information for hundreds of millions of people from around the world.”
Let’s take a look at eight other retailers who have suffered data breaches in 2018:
- Sears – April
- Kmart – April
- Delta – April
- Saks 5th Avenue – April
- Best Buy – April
- Lord & Taylor – April
- Under Armour – March
- Panera Bread – April
We are living in a world where hundreds of thousands of people around the globe are continuously trying to exploit vulnerabilities (for some, it is even their job). Regardless of how the breach occurs, it is typically because of an approach to compliance that is manual and periodic rather than continuous. Inevitably, that creates a cycle of being in and out of compliance. The problem is that even a brief lapse in compliance opens up a window that can and will be exploited. When you don’t achieve continuous compliance through monitoring and automated remediation, it’s only a matter of time before you join the 10 retailers mentioned above in the growing list of companies that have to explain to their customers that their information has been compromised.
DivvyCloud wants to help!
In the cloud? If so, get your free trial of DivvyCloud and explore how we can secure your entire cloud environment.
DivvyCloud mitigates security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of infrastructure resources, allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.