Should Businesses Prepare for Follow-On Attacks After Paramount and Forever 21 Data Breaches?

A Pair of Data Breaches Expose Thousands to Follow-On Attacks

Introduction

Two major data breaches have recently shaken the business world, affecting media giant Paramount Global and fashion retailer Forever 21. In the case of Forever 21, personally identifiable information (PII) for 539,000 consumers was accessed by hackers, while Paramount Global revealed that cyber attackers had gained access to PII of certain individuals for a month. These breaches underscore the ongoing threat faced by businesses and the potential for follow-on attacks that can cause even greater damage to victims.

The Breaches and Their Impacts

Forever 21 discovered the intrusion on August 4, but unauthorized access to their systems occurred between January 5 and March 21. Hackers were able to access PII belonging to 539,000 consumers, including names, Social Security numbers, birthdates, bank account numbers, and information related to the Forever21 health plan, which suggests that employees were also affected. This breach puts the victims at risk of identity theft and various forms of fraud.

On the other hand, Paramount Global revealed that cyber attackers accessed PII for certain individuals for a month, between May and June of this year. The data compromised included names, birthdates, Social Security numbers, driver’s license numbers, passport numbers, and information related to the individual’s relationship with Paramount. It remains unclear which profiles were affected, whether they were website members, employees, customers, or others.

Risk of Follow-On Attacks

The theft of PII, particularly Social Security numbers, can lead to identity theft and various forms of fraud. However, the additional personalized information exposed in these breaches presents an even greater risk. Hackers can use this data to mount convincing follow-on phishing attacks, aiming to gather even more valuable information from their victims. For example, the descriptions of victims’ relationship to Paramount or the details about Forever 21 health plans can provide cybercriminals with the necessary context to trick individuals into sharing more sensitive information.

Moreover, these breaches can also lead to account takeovers, as cybercriminals can use stolen information to gain unauthorized access to various accounts and systems. The potential repercussions for the affected individuals are significant.

Advice for Impacted Individuals

Given the severity of these breaches and the potential for follow-on attacks, impacted individuals must remain vigilant and take necessary precautions to protect themselves:

• Monitor financial accounts and credit reports regularly to identify any suspicious activity.
• Consider freezing credit to prevent identity theft and the opening of fraudulent accounts.
• Be cautious of phishing attempts and avoid clicking on suspicious links or providing personal information over email or phone calls.
• Enable two-factor authentication on all accounts that offer this feature, as it adds an extra layer of security.
• Regularly change passwords, ensuring they are strong and unique for each account.

Security Measures for Companies

These breaches serve as a stark reminder to companies that hold PII to prioritize the protection of sensitive data. Here are some key measures that companies should consider implementing:

• Patch vulnerabilities promptly to close security holes and prevent unauthorized access.
• Review and tighten access controls to prevent misconfigured cloud instances and ensure that only authorized personnel can access sensitive data.
• Implement robust authentication methods for databases and servers that house PII to prevent unauthorized access.
• Establish identity verification measures to ensure that users accessing accounts are legitimate and not fraudsters.

The Ongoing Threat of Data Breaches

Data breaches not only harm the organizations that experience them but also have severe repercussions for individuals whose data is stolen. The stolen information can be bundled and sold on the Dark Web, potentially remaining useful to cybercriminals for years. Companies must recognize the need for robust cybersecurity practices and identity verification measures to mitigate the risk of data breaches and protect both their customers and themselves from the devastating consequences of these attacks.

The Need for Stronger Cybersecurity

These breaches should serve as a wake-up call for businesses of all sizes. The importance of investing in robust cybersecurity measures, staying up to date with the latest security patches, and ensuring proper access controls cannot be overstated. The increasing sophistication of cyber attackers demands constant vigilance and rapid response to address vulnerabilities before they can be exploited.

As technology continues to advance, more businesses will become targets of cybercriminals. It’s crucial for companies and individuals to take cybersecurity seriously and prioritize the protection of personal information. Only through a collective effort can we build a safer digital landscape and mitigate the risk of damaging data breaches.