Recent Data Breaches: USPS and Marriott

    More and more it seems that data breaches are becoming the norm. We recently became aware of two large data breaches and we wanted to share that information with you.

    USPS Data Breach

    The first data breach comes courtesy of the United States Postal Service (USPS). The data breach was caused by a broken application programming interface (API) in the post office's Informed Delivery service. This tool was used to preview incoming mail, track packages, and manage redeliveries.

    The broken API made it possible to pull data on 60 million users, which included the following:

    • E-mail addresses
    • Phone numbers
    • Mailing campaign data

    What is worse is that no special hacking tools were needed for this request. The USPS patched the hole this week, but it was originally discovered in 2017.

    Marriott Data Breach

    The second data breach comes from Marriott. Marriott's recent data breach of its Starwood reservation database affected a group of hotels that were purchased by Marriott in 2016. The hotels affected by the breach are:

    • Regis
    • Westin
    • Sheraton
    • W Hotels

    The information pulled from this breach includes:

    • Names
    • Phone numbers
    • E-mail addresses
    • Passport numbers
    • Date of birth
    • Arrival and departure information
    • Credit card numbers and expiration dates

    Marriott warns that they cannot confirm whether the credit card numbers were decrypted, but they have notified compromised guests and their CEO has apologized. They have also created an information website.

    With more than 500 million users compromised, this is one of the biggest data breaches in history. Only Yahoo holds the record for a bigger data breach.

    If you have an account with either of these companies, it is recommended that you change your password with them as soon as you can.

    What Can We Do to Mitigate Data Breaches?

    While we normally hear about these large breaches, the fact is that smaller businesses are much riper targets for hackers. Small businesses tend to have fewer or no security policies in place, and the growing nature of remote work opens companies up even further to this kind of exposure.

    As a member of the Solvere One Family, you are already a step ahead. Our managed IT security team monitors your network for any abnormal behavior, and with tools like Sophos we are able to prevent possible compromises before they occur, but more can always be done.

    Reach out to us about cyber security to enhance your safety

    We have specialists who can help identify vulnerabilities in your network, which can then be triaged by our team.

    Keep business and personal accounts separate

    It can be difficult to keep track of the various passwords that we use, but it is important not to reuse the same password across all devices. We recommend Dashlane for password management. Feel free to reach out to your SA for more information.

    Build Awareness

    Attitude adjusts latitude, as the saying goes. Keep your team engaged and encourage a healthy amount of skepticism when it comes to e-mails from unknown senders, curiosity about your work that goes beyond casual conversation, and more. While movies make hacking look cool, the fact is that social engineering is one of the highest forms of hacking; no “hacker skills” needed.

    Enforce restrictive data permissions

    Most data breaches don’t involve wildcard searches or a high level of sophistication. They can often come from employees, either intentionally or unintentionally. The best example of this is using a home device to access work data without a secure VPN system in place. You should be certain that people only have access to the information they need to do their job.

    We do our part for this by always reaching out to you, the POC, for approval should anyone request access to data they do not have access to.
