Exploit: Unprotected Elasticsearch cluster.
Burger King: Global fast food chain.
Risk to Small Business: 1.888 = Severe: A database for Burger King’s France-based online store for kids was left unprotected, allowing anyone to access sensitive personal information from thousands of shoppers. Those with access to the database were able to edit, download, or delete any of the database details, which were stored in plain text. Although the company immediately disabled controls, it’s entirely possible that data was compromised during the breach window.
Individual Risk: 2.285 = Severe The data in question included personally identifiable information including names, emails, passwords, phone numbers, dates of birth, and voucher codes. Since the Kool King Shop caters to kids who bought Burger King menus, it’s probable that at least some of the exposed information belongs to minors, something that is especially noteworthy in any data breach. Although there is no indication that data was stolen, customers who participated in this program should assume that their data may have been accessed, and they should enrol in identity monitoring services.
Customers Impacted: 37,900
How it Could Affect Your Customers’ Business: Security researchers did not find any ransom notes in the database, something that is more attributable to luck than cybersecurity prowess. As companies around the world grapple with the aftermath of a ransomware attack, security providers at every level must understand the importance of addressing cybersecurity vulnerabilities and updating infrastructure accordingly. In many cases, partnering with a third-party can help companies identify their greatest risks before hackers can exploit them.
ClearYolk to the Rescue: Designed to protect against human error, our phishing service simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defence against cybercrime.