Blog

DoorDash Falls in the pit of Data Breach – Affects 4.9 Million Users

James Efron
October 04, 2019
5 minutes read
2049

Security breaches are increasing in number with every passing day. This keeps on happening. It would seem like every company should be taking their data security very seriously. After all, a data breach typically costs millions of dollars and tarnishes the company’s reputation.

According to Bitdefender, six in every ten businesses have experienced a data breach at some point during the last three years. Infosec professionals are acutely aware of the risks their organizations face with more than 58% worried about the organization in the face of a global cyberattack. In fact, the rest 49% confessed that they were losing sleep over it.

Human error can be a cause of 90% of data breaches
According to research half of the businesses around the world suffered a data breach
Data breach experience makes them more employable according to chief information security officer (CISO)

DoorDash Suffers Major Data Breach:

DoorDash a food delivery company confirmed a huge data breach a few days back, almost 5 months after it occurred. It was almost a year that users started complaining about their accounts being compromised inexplicably. The company confessed that 4.9 million customers, delivery workers, and merchants had their information stolen by hackers.

The breach took place on May 4 but users who made accounts after April 5, 2018 were safe by this breach. Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers and hashed and salted passwords stolen. Both delivery workers and merchants had the last four digits of their bank account numbers stolen. The cherry on top is that around 100,000 delivery workers also had their driver’s license information stolen in the breach. Doordash was unable to explain the breach at that time but later said that the incident occurred through a third-party service.

The Damage a Data Breach Can Do

A data breach can drastically affect an organization’s reputation and financial bottom line. No one has forgotten about devastating data breaches of Yahoo which reported two major data breaches of user account data to hackers during the second half of 2016. Initially believed to have affected over 1 billion user accounts, Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted. Other organisations such as Equifax and Target have also been a victim of a data breach. Today, many people associate those companies with a data breach only instead of their actual business operations. So a data breach can make business loss not only their reputation but also identity.

Different Types of Data Breaches and the Sources:

Different sources define different types of data breaches. Here, I group them by the root cause:

Cyber attacks:

Hackers use malware, phishing, social engineering, skimming and related techniques to gain access to protected information.

Theft or loss of devices

Laptops, smartphones, thumb drives, and other data storage media can be lost, stolen or disposed of improperly. If they contain protected information and it ends up in the wrong hands, that’s a data breach.

Employee data theft or data leak

Employees, especially those who are leaving soon, might deliberately access protected information without authorization with malicious intent. This can be major reason for the data leak.

Human errors

Mistakes happen, and people are negligent. Employees may accidentally send proprietary data to the wrong person, upload it to public shares or misconfigure servers where it is stored. Not having any good method for ID verification can also make company data to fall prey to cybercriminals.

Tips to Prevent Data Breaches:

To prevent loss of millions and the company’s reputation due to data breaches, following preventive measure should be taken:

Limited Access to Valuable data

Previously data access was given to all the employees. Companies are learning the hard way now and limiting access to crucial data. This narrows the pool of employees who might click on the harmful link. Only those who actually need access will be given, this is the common-sense solution companies probably should have been doing all along.

Know Third-party vendors

Every company does business with a wide array of third-party vendors. It’s more important than ever to know who these people are. What if the guy who delivers office supplies just got out of prison? It’s something to think about. So always adhere to KYC regulations not only for your clients but also for third party businesses you are going to take services from. Verify who you are dealing with. In addition, be sure to provide limited access to the types of documents these vendors can view.

Though precautions like this can be a hassle for the IT department, the alternative could be a multi-million-dollar data breach. Demand transparency for those companies that are allowed to view your important data. Make sure they are complying with privacy laws; don’t just assume. Ask for background checks for third-party vendors who must enter your company on a regular basis.

Conduct Employee Security Awareness

Studies revealed that employees are the weakest in the data security chain In spite of training, employees open suspicious emails every day that have the potential to download viruses. One class of training is never enough. Regular classes should be conducted to safeguard important data once a month or more frequently.

Update Software Regularly

Regularly update all your software applications and operating system. Professional recommendation is to install patches whenever possible otherwise network is vulnerable. Microsoft has launched a product in this regard which is known as Baseline Security Analyzer that can check and ensure all programs are patched and updated.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Recent Posts

Blog
Record-Breaking Fines on Banks for KYC/AML Non-Compliance
DoorDash Suffers Major Data Breach:
The Damage a Data Breach Can Do
Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance have been structured to make financial institutions secure. The rising number of illegal activities in the finance sector is raising concerns for regulatory authorities. This year, the KYC/AML regulations have become more rigid and different countries have also amended their state laws for customer due diligence. Why are all the regulatory authorities imposing more stringent laws in 2021?

In 2020, the majority of banks were fined for not complying with KYC/AML regulations. The law violations increased significantly and record-breaking penalties were imposed on banks across the globe. This led law enforcement agencies to make certain changes to the regulations and customer due diligence protocols. The record-breaking penalties in the finance sector have changed the game for businesses.

Let’s take a deep dive into the largest penalties of 2020 and how can KYC/AML regulations help the finance sector to avoid them in 2021.

How to Comply with KYC/AML Regulations?

Compliance with KYC/AML regulations require robust Anti-Money Laundering (AML) screening and Know Your Customer (KYC) identity verification measures. These measures verify the identity of every customer and ensure that legitimate customers are onboarded. With the help of document verification and biometric authentication, it gets easier to follow the laws.
Recommended: The Future of Customer Onboarding Post-COVID-19 Pandemic

A Summary of 2020 Bank Fines

2020 brought several inconveniences to life and the most distressing challenge was fighting fraudsters. Identity theft and money laundering were the most reported crimes last year. Unfortunately, the inability of financial institutions to verify identities of customers increased money laundering and other illegal activities. Here is a summary of fines imposed in 2020:

Goldman Sachs Tops the List

The US was ranked number 1 with the highest number of bank fines enforced in 2020. 12 cases of AML non-compliance were reported and the sum of all these fines was €9.39 billion. The fine on Goldman Sachs alone was €3.30 billion. The settlement was made by the bank with Malaysia against the Wall Street Bank for its role in assisting to raise millions for a sovereign wealth fund.

Commerzbank Fined £37.8 Million by FCA

The Financial Conduct Authority (FCA) imposed a £37.8 Million fine on the Commerzbank, London. The fine was a result of the bank’s violation of AML controls. According to reports of FCA, the violations will result in huge risks and stability issues of the UK’s financial system. The audit from FCA shared the following reasons on the basis of which the bank was penalised:

Periodic due diligence failures

Insufficient money laundering control procedures

Inadequate risk management systems

Westpac Paid $1.3 Billion for AML Breaches

Last year, Westpac bank in Australia was number 5 on the list of banks with the highest penalties. The court penalised Westpac with a fine of $1.3 billion. AML laws were breached at different intervals. Westpac not only violated AML/CFT laws but also failed to employ transaction monitoring and did not submit IFTI reports to AUSTRAC. Furthermore, the bank did not perform enhanced due diligence for high-risk transactions as suggested by FATF.

SEB Bank Fined $107 Million for Poor AML Measures

Next in the list of KYC/AML non-compliance is Lloyds Bank that was fined $107 million by the City watchdog for unfair treatment of mortgage customers. According to the executive director of enforcement and market oversight of Financial Conduct Authority (FCA),

“Banks are required to treat customers fairly, even when those customers are in financial difficulties or are having trouble meeting their obligations. By not sufficiently understanding their customers’ circumstances the banks risked treating unfairly more than a quarter of a million customers in mortgage arrears.”

Reasons Behind Hefty Penalties on Banks

The major reason behind all these hefty penalties is the banks’ inability to follow the regulations imposed by higher authorities. However, there are several other reasons resulting in increasing fines and growing rigidity of regulations. They include,

Consistent failures to comply with the Anti-Money Laundering laws

Lack of proper customer due diligence

No transaction monitoring measures taken

Overseen cases of compliance monitoring

Did you know that the highest number of cases of AML law violations have been reported in 2020? Here’s an overview of the number of cases reported last year:

82 cases of transaction monitoring

109 cases of poor AML compliance

115 cases of lack of customer due diligence

If banks continue to lack robust verification and AML systems, the numbers will increase this year as well.

Suggested: A Comprehensive Guide to AML Compliance [2020]

What Can You Do to Prevent Fines in 2021?

Other enterprises in the finance sector must comply with the KYC/AML regulations at all costs. Otherwise, heavy penalties will be their fate in 2021 as well. How can banks and other financial enterprises prevent fines this year? Well, here’s what you should do:

Take a look at the amended laws from regulatory authorities

Audit your current identity verification protocols

Ensure robust KYC/AML compliance measures within the company

Never onboard any customer without verification

Always perform enhanced due diligence (EDD) checks for high-risk customers

Ongoing transaction monitoring must be employed to prevent money laundering

Read more: Shufti Pro’s Ongoing AML Solution to Prevent Transaction Laundering

How Can Shufti Pro Help You?

Penalties on financial institutions are increasing every year and 2020 broke records. The major reasons for hefty penalties included poor customer screening and inefficient AML compliance procedures. Furthermore, damaged brand reputation is another setback for companies. In order to protect your organisation from criminal activities and heavy penalties, it is better to employ KYC/AML verification.

Shufti Pro is a one-stop solution for all your needs. With AI-powered identity verification and AML screening, you can verify all the customers during the onboarding process. Moreover, the ongoing AML screening allows you to screen the backgrounds of high-risk customers as per your requirements. With 98.67% accuracy of our solutions, you can get in touch with the right customers.

Talk to our experts and add robust identity verification protocols to protect your company.

Talk to us

DoorDash Falls in the pit of Data Breach – Affects 4.9 Million Users

DoorDash Suffers Major Data Breach:

The Damage a Data Breach Can Do