quora
webinr-icon

“A Fintech’s Path to Rapid Growth with 100% KYC/KYB Compliance” - 7th November

Register Here

DoorDash Falls in the pit of Data Breach – Affects 4.9 Million Users

DoorDash

Security breaches are increasing in number with every passing day. This keeps on happening. It would seem like every company should be taking their data security very seriously. After all, a data breach typically costs millions of dollars and tarnishes the company’s reputation.

According to Bitdefender, six in every ten businesses have experienced a data breach at some point during the last three years. Infosec professionals are acutely aware of the risks their organizations face with more than 58% worried about the organization in the face of a global cyberattack. In fact, the rest 49% confessed that they were losing sleep over it.

  • Human error can be a cause of 90% of data breaches
  • According to research half of the businesses around the world suffered a data breach
  • Data breach experience makes them more employable according to chief information security officer (CISO)

DoorDash Suffers Major Data Breach:

DoorDash a food delivery company confirmed a huge data breach a few days back, almost 5 months after it occurred. It was almost a year that users started complaining about their accounts being compromised inexplicably.  The company confessed that 4.9 million customers, delivery workers, and merchants had their information stolen by hackers.

The breach took place on May 4 but users who made accounts after April 5, 2018 were safe by this breach. Users who joined the platform before April 5, 2018 had their name, email and delivery addresses, order history, phone numbers and hashed and salted passwords stolen. Both delivery workers and merchants had the last four digits of their bank account numbers stolen. The cherry on top is that around 100,000 delivery workers also had their driver’s license information stolen in the breach. Doordash was unable to explain the breach at that time but later said that the incident occurred through a third-party service.

The Damage a Data Breach Can Do

A data breach can drastically affect an organization’s reputation and financial bottom line.  No one has forgotten about devastating data breaches of Yahoo which reported two major data breaches of user account data to hackers during the second half of 2016. Initially believed to have affected over 1 billion user accounts, Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted.  Other organisations such as Equifax and Target have also been a victim of a data breach. Today, many people associate those companies with a data breach only instead of their actual business operations. So a data breach can make business loss not only their reputation but also identity. 

Different Types of Data Breaches and the Sources:

 

Different sources define different types of data breaches. Here, I group them by the root cause:

  • Cyber attacks:

 Hackers use malware, phishing, social engineering, skimming and related techniques to gain access to protected information.

  • Theft or loss of devices

Laptops, smartphones, thumb drives, and other data storage media can be lost, stolen or disposed of improperly. If they contain protected information and it ends up in the wrong hands, that’s a data breach.

  • Employee data theft or data leak

 Employees, especially those who are leaving soon, might deliberately access protected information without authorization with malicious intent. This can be major reason for the data leak. 

  • Human errors

Mistakes happen, and people are negligent. Employees may accidentally send proprietary data to the wrong person, upload it to public shares or misconfigure servers where it is stored. Not having any good method for ID verification can also make company data to fall prey to cybercriminals. 

Tips to Prevent Data Breaches:

 

To prevent loss of millions and the company’s reputation due to data breaches, following preventive measure should be taken:

Limited Access to Valuable data

 

Previously data access was given to all the employees. Companies are learning the hard way now and limiting access to crucial data. This narrows the pool of employees who might click on the harmful link. Only those who actually need access will be given, this is the common-sense solution companies probably should have been doing all along. 

Know Third-party vendors

 

Every company does business with a wide array of third-party vendors. It’s more important than ever to know who these people are. What if the guy who delivers office supplies just got out of prison? It’s something to think about. So always adhere to KYC regulations not only for your clients but also for third party businesses you are going to take services from. Verify who you are dealing with. In addition, be sure to provide limited access to the types of documents these vendors can view.

Though precautions like this can be a hassle for the IT department, the alternative could be a multi-million-dollar data breach.  Demand transparency for those companies that are allowed to view your important data. Make sure they are complying with privacy laws; don’t just assume. Ask for background checks for third-party vendors who must enter your company on a regular basis. 

Conduct Employee Security Awareness

 

Studies revealed that employees are the weakest in the data security chain In spite of training, employees open suspicious emails every day that have the potential to download viruses. One class of training is never enough. Regular classes should be conducted to safeguard important data once a month or more frequently.

Update Software Regularly

 

Regularly update all your software applications and operating system. Professional recommendation is to install patches whenever possible otherwise network is vulnerable. Microsoft has launched a product in this regard which is known as  Baseline Security Analyzer that can check and ensure all programs are patched and updated.

Related Posts

Blog

A Fintech’s Journey to 100% Compliance and Rapid Growth

My EU Pay, a specialist payment institution serving hundreds of business customers ...

A Fintech’s Journey to 100% Compliance and Rapid Growth Read More

Blog

Identity Verification Isn’t Just for Compliance Anymore

As the article indicates, that fight involves identity verification becoming a mainstream phenome...

Identity Verification Isn’t Just for Compliance Anymore Read More

Blog

The State of Fraud Detection & Prevention in 2024 | Ready, Set, Fraud

Decoding the 2023 Fraud Landscape | Analyzing Shufti’s Millio...

The State of Fraud Detection & Prevention in 2024 | Ready, Set, Fraud Read More

Blog

Revolutionizing the Finance Sector | VKYC’s Impact on Identity Verification in 2024

Video KYC (VKYC) is a method of verifying the identity of an individual or entity by leveraging v...

Revolutionizing the Finance Sector | VKYC’s Impact on Identity Verification in 2024 Read More

Blog

A 2024 Overview of Identity Document Forgery

What is Document Forgery: The Common Types  Identity document forgery is a serious crime that can...

A 2024 Overview of Identity Document Forgery Read More

Blog

Harnessing the power of AML Screenings to Uncover Politically Exposed Persons [PEPs]

The acronym Politically Exposed Persons [PEPs] first emerged in the 1990s, known as Senior Foreig...

Harnessing the power of AML Screenings to Uncover Politically Exposed Persons [PEPs] Read More

Blog

Elevated Business Security: A Comparative Analysis of Identity Proofing and Identity Verification

In general, identity proofing and identity verification are essentially the same processes, as th...

Elevated Business Security: A Comparative Analysis of Identity Proofing and Identity Verification Read More

Blog

Investor Onboarding | Navigating the Challenges of Digitization

Investor onboarding is introducing new investors to a financial or investment platform while scre...

Investor Onboarding | Navigating the Challenges of Digitization Read More

Blog

A Fintech’s Journey to 100% Compliance and Rapid Growth

My EU Pay, a specialist payment institution serving hundreds of business customers ...

A Fintech’s Journey to 100% Compliance and Rapid Growth Read More

Blog

Identity Verification Isn’t Just for Compliance Anymore

As the article indicates, that fight involves identity verification becoming a mainstream phenome...

Identity Verification Isn’t Just for Compliance Anymore Read More

Blog

The State of Fraud Detection & Prevention in 2024 | Ready, Set, Fraud

Decoding the 2023 Fraud Landscape | Analyzing Shufti’s Millio...

The State of Fraud Detection & Prevention in 2024 | Ready, Set, Fraud Read More

Blog

Revolutionizing the Finance Sector | VKYC’s Impact on Identity Verification in 2024

Video KYC (VKYC) is a method of verifying the identity of an individual or entity by leveraging v...

Revolutionizing the Finance Sector | VKYC’s Impact on Identity Verification in 2024 Read More

Blog

A 2024 Overview of Identity Document Forgery

What is Document Forgery: The Common Types  Identity document forgery is a serious crime that can...

A 2024 Overview of Identity Document Forgery Read More

Blog

Harnessing the power of AML Screenings to Uncover Politically Exposed Persons [PEPs]

The acronym Politically Exposed Persons [PEPs] first emerged in the 1990s, known as Senior Foreig...

Harnessing the power of AML Screenings to Uncover Politically Exposed Persons [PEPs] Read More

Blog

Elevated Business Security: A Comparative Analysis of Identity Proofing and Identity Verification

In general, identity proofing and identity verification are essentially the same processes, as th...

Elevated Business Security: A Comparative Analysis of Identity Proofing and Identity Verification Read More

Blog

Investor Onboarding | Navigating the Challenges of Digitization

Investor onboarding is introducing new investors to a financial or investment platform while scre...

Investor Onboarding | Navigating the Challenges of Digitization Read More

Take the next steps to better security.

Contact us

Get in touch with our experts. We'll help you find the perfect solution for your compliance and security needs.

Contact us

Request demo

Get free access to our platform and try our products today.

Get started