Door Dash recently made headlines for a massive data breach that exposed the personal data of over over 4.9 million customers, delivery workers and merchants. That is close to 5 million people whose personal data is now in the hands of hackers.
The breach was reported to have occurred on May 4, 2019 – however, the breach wasn’t reported until last week. DoorDash said the company became aware of a security intrusion earlier this month after it noticed some “unusual activity” from a third-party service provider. During that time frame, hackers were able to do serious damage. It is being reported that users who joined the platform before April 5, 2018, had their name, email and delivery addresses, order history, phone numbers and passwords stolen. The company also said consumers had the last four digits of their payment cards taken, though full numbers and card verification values (CVV) were not taken. Both delivery workers and merchants had the last four digits of their bank account numbers stolen. Around 100,000 delivery workers also had their driver’s license information stolen in the breach.
Door Dash claims the breach involves a third-party service provider.
What should your business do now?
Phishing testing and training
Be suspicious of phishing emails, which are usually the next step of cyber criminals after a breach in an attempt to trick users into giving up further details like passwords and bank information. Hackers now have personal email of millions of people, they will use that info to try and trick your employees into giving up more data. Conduct phishing training and testing asap so your users know how to spot and report phishing emails.
Monitoring 24×7 & SIEM Management
ACE IT Solutions monitors your systems around the clock and reports and stops intrusions in REAL TIME. The sooner you know about an intrusion, the faster it can be remediated. This give hackers less time to do big damage and will save your business big headaches in the long run.
A cybersecurity assessment will find and address gaps in your firm’s cybersecurity program, ensuring your business is protected against the ever-evolving security threat landscape. ACE IT Solutions can tailor a cybersecurity program to meet your business’ specific risk profile, budget and compliance needs.
Vendor Vetting & Review Third Party Cyber-Controls
Door Dash blames the breach on a third-party vendor. That is hardly an excuse. It is common knowledge that hackers often use a 3rd party vendor with weak security to gain access to a bigger target. Your clients entrust you with their sensitive data, so it’s important that the vendors you work with have safeguards in place to keep this data secure. Faced with complex, global third-party networks, it’s more critical than ever for you to have an effective strategy for evaluating and monitoring third-party risk. ACE IT Solutions can assess the security standards of potential vendors and identify any loopholes or red flags so you don’t get caught in the middle of a data breach.
ACE IT Solutions offers a comprehensive suite of customizable cybersecurity services to meet your organization’s specific risk profile and compliance needs. Our cybersecurity program is designed to ensure the security, integrity, and uninterrupted delivery of information so that we can support our clients’ growth objectives.
We’ve structured our cybersecurity program to stay ahead of — and effectively respond to — cyber threats and their diverse, multi-faceted attacks. Our security minded clients with the right strategy in place will be better prepared and protected for any potential threats or hacks and for future cybercontrol initiatives they will be implementing.
Contact ACE IT Solutions today at 646.558.5575 or to stay ahead of hackers and ensure the continuity of your business.