Exploit: Unauthorized database access
Aerial Direct: Independent telecommunications provider
Risk to Small Business: 1.197 = Extreme
Hackers gained access to an external backup database on February 26th that included the personal information of current and former customers. The breach contains copious amounts of customer information dating back six years. Although the company was quick to secure the database, the incident could impact its customer relationships, including its relationship with the O2. At the same time, the company will likely face regulatory scrutiny under Europe’s GDPR guidelines, which could have further challenged the company’s recovery efforts.
Individual Risk: 2.807 = Extreme
The breach compromised customers’ personally identifiable information, including their names, dates of birth, business addresses, email addresses, phone numbers, and purchasing information. This information can quickly make its way across the internet, and bad actors often use it to execute new cybercrimes. Those impacted by the breach should carefully evaluate their accounts for suspicious activity while staying vigilant to assess the validity of incoming messages.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The defensive posture of third party contractors and the implications of data privacy regulations are some of the top concerns for today’s companies, and this incident reflects the continual struggle to account for both. Since third party partnerships will continue to be a business necessity and data privacy regulations will only continue to proliferate, now is the right time to establish a framework for managing both of these priorities.
Source:
https://www.theregister.co.uk/2020/03/13/o2_customer_data_slurped_through_partner_databse/