Woolworths Self-Inflicted Breach A Clear Example Of Insider Negligence

  /     /     /  
Publicated : 22/11/2024   Category : security


Woolworths Self-Inflicted Breach A Clear Example Of Insider Negligence


Australian grocer sent master spreadsheet of customer information and redeemable codes for thousands of gift cards to hundreds of customers.



This weekend, an Australian grocery chain offered a textbook case study in why insider threats—even the non-malicious kind—are so important to address. Woolworths found itself in a pickle when it had to cancel over $1 million in gift cards when someone at the firm accidentally emailed an Excel spreadsheet with customer information and redeemable codes for close to 8,000 giftcards to over 1,000 customers,
according to Australian-based Fairfax Media
.
Its a clear reminder of how embarrassing and costly an accidental leak can be when it causes a breach.
“Woolworth reminds us that protecting yourself from human error is just as important as protecting yourself from hackers and malware, says Gord Boyce, CEO of FinalCode.
According to reports, the self-inflicted breach occurred on the heels of a Groupon sale of $100 and $200 gift cards at a small discount. When they bought the cards, customers were told theyd get an email from Woolworths that would have a PDF attachment containing an electronic voucher. Instead of the PDF, many customers were emailed a master list with information for over $1 million in vouchers.
Not only were customers email addresses and names exposed by the breach, but the information made it possible for unauthorized people to fraudulently use others gift cards, which ultimately caused the retailer to cancel all of them.
Its unclear yet what the ramifications will be for the grocer, but this even comes just a little over six months after the Office of the Australian Information Commissioner (OAIC) released a formalized privacy policy. The OAIC privacy commissioner released a statement today saying it would look into the breach to see if the agency will need to look into the matter.
According to the Privacy Rights Clearinghouse reported that last year more than 113 incidents involved accidental leakages, involving more than 440,000 records. Meanwhile, the most recent Verizon Data Breach Investigation Report (DBIR), 90 percent of breach cases the firm investigated had some component of employee involvement.
This jibes with a remark made by FBI veteran Frank Abagnale in April at the SailPoint Navigate conference. The inspiration for
Catch Me If You Can,
Abagnale says that all of the breaches hes investigated involved an employee—typically non-malicious.
“There’s no master hacker, he said. They’re waiting for doors to open because someone didn’t do something, or they did something they shouldn’t have.”
 

Last News

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Woolworths Self-Inflicted Breach A Clear Example Of Insider Negligence