October is National Cyber Security Awareness Month – So where’s all the security?

October is National Cyber Security Awareness Month (NCSAM) but it appears that nobody has noticed based on the number of breaches we have witnessed since the beginning of the month. Let’s take a look at some of the most recent breaches that have garnered attention so far in October and what John Prisco, our CEO and President here at Triumfant, had to say about them:

  • Dairy Queen – On Thursday, Dairy Queen confirmed that nearly 400 Dairy Queen locations (and one Orange Julius location) were compromised by Backoff malware in August. When news of a potential breach first broke in August, Dairy Queen denied the breach initially but then began an investigation. Customers’ names, card information, and expiration dates were all accessed in the breach. Dairy Queen now believes that the malware has been contained, and the company’s website lists all affected stores as well as the dates of the attack. John spoke about the breach saying: “Would you like a breach with your sundae? Dairy Queen is another example of a company that is easy pickings for cyber criminals. There are a thousand more unprepared companies that will grace the front page of our newspapers over the next year. I scream, you scream, we all scream…pay with cash!”
  • JP Morgan Chase – While the story of this breach started in September, last week JP Morgan Chase confirmed that 76 million households and 7 million small businesses were impacted in a data breach in June and July. JP Morgan says that financial data—including account numbers, passwords, dates of birth, Social Security cards—was not accessed in the breach. Customers who use Chase.com, JPMorganOnline, Chase Mobile or JPMorgan Mobile may have had their contact information accessed, including names, addresses, phone numbers and email address. John spoke with eSecurity Planet on this matter: “Gone are the days when a tool like anti-virus was a good enough security solution and hopefully this serves as a proper wake-up call to the industry.”
  • AT&T – Also last week, Reuter’s reported that an employee at AT&T accessed personal information belonging to approximately 1,600 AT&T customers in August. AT&T informed these customers in a letter that their Social Security numbers, driver’s license numbers, and internal AT&T information were all potentially compromised by the employee, who has since been fired. AT&T is offering free credit monitoring services to customers, and recommends they change their account passcodes. After hearing about this, John said, “Anomalous behavior software is required to discover when an insider, while working on an endpoint computer, is ‘acting’ out of the norm. Until this type of defense is more broadly deployed, expect to keep seeing these headlines.”

While every month is National Cyber Security Awareness Month for us here at Triumfant, we think it’s an important initiative by the government and the security industry to work together to promote and spread awareness to those who may not be as vigilant about cyber security as they should be.

Even when we are not directly connected to the Internet, our critical infrastructure—the vast, worldwide connection of computers, data and websites supporting our everyday lives through financial transactions, transportation systems, healthcare records, emergency response systems, personal communications and more—is at risk. That’s why we are happy to support efforts to spread the word on helping us all becoming safer and more secure cyber-citizens.

For more information on National Cyber Security Awareness Month, visit Stay Safe Online.