Each month, we’ll bring you some of the most compelling cloud and Salesforce security-related stories from the last four weeks. In this post, we discuss Texas’ new cybersecurity training, the DoorDash data breach, a top investment priority for UK banks, and more.
New York state Attorney General Letitia James has filed suit against coffee chain Dunkin’ Donuts for failing to alert almost 20,000 customers about hacked accounts. Beginning in 2015, users of Dunkin’s website and mobile app may have had their accounts compromised by online attacks, according to the lawsuit. Another attack in 2018 was included in the suit along with claims that the company downplayed the severity of the incident.
In an effort to explain why they didn’t disclose the incidents to customers, Dunkin’ Donuts has stated that no payment information was accessed during the breaches. The company plans to challenge the attorney general’s claims in court.
“Dunkin’ failed to protect the security of its customers. And instead of notifying the tens of thousands impacted by these cybersecurity breaches, Dunkin’ sat idly by, putting customers at risk.”
– New York Attorney General Letitia James
This year, the state of Texas passed a House bill introducing mandatory cybersecurity training for most government workers. The Texas Department of Information Resources (DIR) is accepting applications for cybersecurity training programs after committing to certify at least five programs in line with the new law.
Programs emphasize developing positive habits and procedures that enable employees to secure information resources. In addition, for certification, DIR is looking for programs that highlight best practices to detect, assess, report, and address information security threats.
4.9 million customers, merchants, and drivers were impacted by a recent data breach at DoorDash, the popular food delivery service. A third-party vendor reportedly gained access to information including names, addresses, email accounts, phone numbers, passwords, driver’s license numbers, and the last four digits of customer credit cards. Only customers and employees who joined on or before April 5, 2018 were affected. To remedy the situation, DoorDash has stated that it has cut off access to the information, added security layers, and improved security protocols for system governance, and that it plans to consult experts about ways to thwart future threats.
DoorDash is reaching out to affected users directly with next steps, but all users are encouraged to change their passwords to something unique to their DoorDash account.
Always looking to improve its services, Salesforce recently announced improved capabilities for its Financial Services Cloud product. The newest additions are geared towards helping insurance companies more easily execute digital strategies to increase employee retention, especially among top performers. Many insurance companies still use decentralized, outdated computer systems that don’t enable a fully digital transformation. With the new updates – including an Agent and Customer Service Rep Console and prepackaged Lightning Flow templates – employees can obtain more detailed views of customers and policy holders, enabling them to enhance engagement, support sales, and boost performance.
“Now, more than ever before, the insurance industry is working towards delivering more relevant and engaging experiences at every stage of a customer’s life. By leveraging data and AI and digitizing touch points, we can now help insurers deliver distinctive experiences.”
– Ayan Sarkar, Global Head of Insurance, Salesforce
A new BitSight study revealed that almost two in five organizations have lost customers because of a lack (or perceived lack) of cybersecurity. Tom Turner, CEO of BitSight, said, “Financial success, brand perception, business continuity, and company reputation now all hinge on security performance.”
How can companies improve their cybersecurity? According to Turner, it begins with performance management and establishing baselines. “We think this study should serve as a wakeup call for security leaders and their executives and boards to take a close look at their strategies for security performance measurement and reporting – after all, their businesses are now on the line,” he concluded. What does this mean for organizations? It’s time for companies to review security and privacy strategies to establish trust and retain customer bases before it’s too late.
Yahoo users who had an account between January 2012 and December 2016 may have been affected by a series of data breaches that resulted in a class-action lawsuit nearing $117.5 million. Yahoo has been in the news repeatedly over the past decade for multiple breaches – in 2017, the company admitted that all three billion user accounts had been broken into in 2013. Other hacks occurred during 2012, 2014, 2015, and 2016.
Together, the breaches allowed criminals to access personal information like email accounts, contacts, calendars, phone numbers, passwords, security questions and answers, and more. As part of the settlement, Yahoo is offering two years of free credit monitoring services or $100 in compensation to affected parties.
A research survey of financial organizations based in the UK has shown that one of the top investment priorities for firms this year is cybersecurity. Many companies report increasing the size of their budget dedicated to cybersecurity operations and capabilities in response to the rise in security threats and incidents. Another report demonstrated that about 70% of financial firms in the UK faced a security incident over the past 12 months, half of which were caused by internal sources, making cybersecurity a wise investment.
“In 2019, firms are arguably more dependent than ever on technology. With this rapid advancement, the risks from cybercrime are increasing, placing extra pressure on financial institutions to change the way they operate.”
– Robina Barker Bennett, Head of Financial Institutions, Lloyds Bank Commercial Banking