Nespresso Data leak | Cybercrime

It’s a Caffeine hit with Nespresso Data leak

Cybersecurity has been in the headlines a lot lately, with South African companies increasingly falling victim to hacking, malware, and data breaches.

Two of South Africa’s best loved brands, Absa and Nespresso, recently had their share of cybercrime trouble when the companies suffered large data breaches in which the personal information of their clients, suppliers, and distributors was at risk.

Here’s what you need to know about these major cybersecurity failures as we all do our best to stay safe online

Nespresso data breach: jitters caused by the latest major data leak to hit SA

Many of us like to start our day with a nice fresh cup of coffee, but for Nespresso distributor Top Coffee, the morning of March 8 began with something less appealing: a huge data leak.

The company, which is responsible for distributing the well-known Nespresso machine and the variety of coffee pods that go with it throughout South Africa, holds a significant amount of personal information relating to clients and coffee retailers in its database.

While Top Coffee was quick to point out that no sensitive financial information is likely to have been leaked, highly personal information like names and phone numbers may have been part of the data that was lost. The company has since fixed the error that lead to this incident and assured clients that their data has been protected.

Nespresso is just one of hundreds of South African companies that have fallen victim to cybercrime over the past few years, with the number of these incidents having increased since 2020.

Absa data leak update: 15 months later, worse than we thought?

Clients and suppliers were shocked in November 2020 when Absa announced that it had been the victim of a major data leak . The bank, which has almost R1.4 trillion in financial assets and 9.7 million customers throughout South Africa, was widely respected for its comprehensive digital security measures until the breach occurred.

According to Absa, the personal information of many clients may have been compromised in the leak. The bank is in the process of contacting clients who were directly affected on an individual basis.

This information was released by Absa following an extended investigation by the bank that lasted more than a year.

These two major data breaches highlight the importance of having comprehensive data backup and security in place no matter how large or small your organisation may be.

be proactive: protect your data with secure cloud storage

Cybersecurity measures like a strong firewall, updated antivirus software, and secure cloud storage are some of the ways you can protect your business against data-related crimes. Reduce the downtime and recovery of an unwanted data leak with encrypted and automated online backup.

To learn more about our range of cloud storage solutions, contact the Soteria team today.

2021’s First Quarter Data Leaks Exceed 5-Billion

The first quarter of 2021 seems to be off to a good start – for cybercriminals, that is. According to new reports on Hackmageddon, the first few months of the year have been plagued with cyberattacks and data leaks, with February being the worst month of them all. While January had the most cyberattacks, 23 to be exact, February’s attacks (12 of them) resulted in the most significant data losses, with 3.4 billion records being breached.

An astounding 1.4 billion records were breached in January. Still, in February, when the COMB data leak was reported, it was found that nearly 70% of the world’s population was affected. That’s a lot of people! Before you start Google searching the “COMB data leak,” it actually refers to a “Combination of Many Breaches”, which was really the only way the researchers could compile and look at the breaches as a whole!

january & February data leaks

Research shows that data breached in January and February 2021, was a combination of emails and passwords that had been leaked before. These were the sign-in details of major sites, including the likes of LinkedIn and Netflix. Once the hackers had the information, they shared it with their hacker buddies on a hacking forum!

March must be the month that most hackers take their annual leave (sarcasm intended) because, during the month of March, only 153 billion records were breached, making it the quietest month of the year to date.

The award for the biggest data breach of the year thus far goes to Facebook. One fifth of their entire user network was recently affected in a data breach – leaving 533 million people exposed to hackers.

how can businesses protect themselves?

With data breaches as much on the rise in South Africa as the world over, downloading a free version of security software simply isn’t going to do enough to protect your business and its clients (and your employees too).

Industry professionals advise that businesses hire cybersecurity professionals who know what they are doing. Once you have your cybersecurity mechanisms in place, test them out because if you don’t, cybercriminals will. And they will find the weaknesses in your system and take advantage of them.

education is also an important factor

Any employee that uses a digital device, either one that belongs to the business or their own on your network, needs to be fully educated on the cybersecurity risks and how to behave when using the networks and devices.

Password updates need to be regular, and you must upgrade and enhance your security system as often as possible.

have you been a victim of a cyberattack in 2021?

Sharing stories and information plays a crucial role in helping others become more aware of the risks out there and how they can be overcome. If you or your business has been a victim of a cyberattack/breach this year, share your story with us!

Heads Up: UIF Covid-19 Relief Scheme Website is Hit by a Data Leak

With identity theft and fraud on the rise, no one really wants any of their personal information “out there” in the public eye. Unfortunately, people who have made use of the government’s UIF Temporary Employer-Employee COVID-19 Relief Scheme during Covid-19 times, are now faced with the risk of having their personal details used against them.

The Vulnerability on the UIF Website

As it turns out, while the government was busy focusing on getting funding to its people, opportunistic criminals were provided with an open door to the UIF reference numbers and total payout amounts of each individual paid out. The real danger comes in where criminals can write scripts to extract the amount paid to each individual and on what date.

UIF’s Turnaround Efforts

Security researchers recently reported the problem to the UIF and they have made efforts to thwart the attempts of online criminals by removing the UIF reference numbers from the downloadable list and featuring a security CAPTCHA on the page. However, one can still look up a person’s UIF payout details if they have the individual’s ID number. One has to wonder how secure that is, especially when you realise that the UIF website doesn’t require an individual to register an account on the website or login, in order to see these details.

Official UIF & Ministry of Labour Response

When industry professionals reached out to the Ministry of Labour regarding the data break and security issue, they directed them to speak with UIF representatives instead. In the meantime, the UIF has not responded to requests for comments and feedback.

Last Word

As the UIF remains silent on the matter, it is in the best interests of citizens to know the risks that they face as beneficiaries of the new Temporary Employer-Employee Relief Scheme.

Want to start protecting your personal data a bit better? Take a look at the security features offered for small to medium businesses with data encrypted online backup at Soteria.