Three Global Brands That Failed to Protect Data in 2019

Everyone is now familiar with Facebook’s many data protection failures. But the social media giant is far from the only business that has managed to fail spectacularly in this regard. It turns out that even the biggest companies in the world are susceptible to the same lapses in judgment as individual employees, which leads to private data becoming very public. Publicly available data means that a lot can be done with it. Some cases are reviewed by Proxyway guys.

While none of the businesses have topped Facebook in the sheer number of people affected by the breaches, their failures are all things that really shouldn’t have happened. If consumers can’t trust big businesses to handle their data securely, who can they trust? 

Consumers need to know that any data they provide has the potential to leak. This should always be taken into account when deciding whether to share it or not.

Capital One

The breach affecting Capital One is one of the largest data leaks ever. It’s still dwarfed by Facebook’s exposure of 540 million customers’ personal details; but with 100 million Capital One customers affected, the incident was a huge embarrassment for the bank. 

Back in July, the bank revealed that a hacker had accessed the private data of over 100 million of the bank’s customers. This data included social security numbers, credit card applications, home addresses, credit limits and balances, and credit scores. Additionally, the hackers had accessed the bank account numbers of a further 80,000 customers.

These 80,000 customers were all secured credit card holders. They had cards typically used by those with low credit scores or even no credit history at all. In other words, these are the kind of people who can least afford to lose money or have any fraudulent credit taken out in their name.

The attack itself occurred in March. By the time Capital One team made the announcement, the security flaw had already been fixed. At that stage, it wasn’t clear if anyone’s identity had been compromised as a result of the hack, and investigations are still ongoing into whether that was the case.

In terms of sheer numbers, the Capital One hack is far from the worst offenders. However, even though 80,000 is a small subset of the total users affected, those users were the ones who could least afford to be hit with fraudulent charges or to have their identities compromised. This makes the Capital One hack one of the most potentially damaging hacks we have seen on an individual level.

Mercedes-Benz

Like many modern cars, Mercedes-Benz autos now feature an array of on-board computer technology. There is even a companion mobile app that car owners can use to remotely locate, unlock, and even start their vehicles. However, as useful as mobile apps can be, they also represent another potential point for data to leak and for hackers to gain access to private information.

It hasn’t yet been established what exactly went wrong at Mercedes-Benz, but the issue manifested in a way we have seen in similar cases with other businesses. In short, users of the Mercedes-Benz mobile app found that they could see the personal information of other customers after logging into their own accounts.

A similar issue affected the Fallout developer Bethesda earlier this year when the Fallout 76 support system started showing users the information of other players.

Mercedes-Benz acted quickly to fix the problem, and within hours after the issue was first reported, the mobile app was taken offline for maintenance. There has been no word on exactly how many customers were affected, but according to the Google Play store, there are 100,000 users of the app on Android alone. 

The rapid response of Mercedes-Benz to take the app offline when they first learned of the issue no doubt helped to minimize the number of people affected. However, this still has to rank as one of the most embarrassing data breaches any business has suffered.

Not only did the app for fail seemingly no reason at all – this is also a tool Mercedes-Benz wants its customers to trust to keep their vehicles safe. As businesses like car manufacturers increasingly integrate computers into their products, it is becoming clear that there is often a lack of tech expertise amongst their staff.

In recent years, we have seen a number of potential exploits demonstrated at black hat hacking conferences showing the potential pitfalls of computerized vehicles. There are already concerns in many quarters about the potential for hijacking these vehicles and then using them for acts of terrorism or to cause harm to individuals.

Adobe

Like many other data leaks we’ve seen, the data breach at Adobe came down to an insecure database used by a third-party developer – in this case, Elasticsearch. This database was accessible without any authentication at all, not even a password to keep the information secure. The database stored the details of nearly 7.5 million Adobe customers, including their Adobe creative cloud account information, such as email addresses, member IDs, countries, and also whether they were an employee of Adobe.

That last part is key, as this hack could potentially have undermined Adobe’s internal security and led to more information becoming compromised. The exposure was first discovered by an independent security researcher, who immediately reported the fault to Adobe. The issue appears to be fixed now, and the Adobe security team has said that this particular environment was “misconfigured”.

Every day we entrust our data to big businesses. However, it is becoming clear that we cannot always trust them to properly look after our data. Unfortunately, there is not much we can do about this as consumers. What we can do is keep demanding that businesses take security seriously and refuse to give data to those that prove they cannot be trusted with it.