Popular stock trading app Upstox has alerted users of a security breach that exposed some PII for an estimated 2,500,000 customers. The company was careful to note that funds and securities were not impacted. Upstox notified users that it had received messages that claimed unauthorized access to its database along with the breach of its data and KYC details from third-party data-warehouse systems.
Risk to Business: 2.055 = Severe
Upstox has not been specific about the exact customer data stolen but admits that contact data and some identification details may have been exposed. The company has initiated a secure password reset via OTP (one-time password) for all accounts.
Customers Impacted: 2,500,000 customers
How it Could Affect Your Customers’ Business: Cybercrime is around every corner. It’s no longer acceptable to just survive a cyberattack – businesses have to be prepared to endure challenges and still keep going.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Third-Party Risk Brings Danger to Your Door Daily
Even if you’re making all the right cybersecurity moves, can you be certain that every organization that your business has a relationship with is doing the same thing? 98% of organizations have had a threat arrive at their doorstep because of a data breach or security incident a third party or supply chain source in the last 12 months – and that’s a vector for incoming cyberattacks that you may not even know about.
Third-party and supply chain risk can come from any vendor or service provider that you do business with. Are you outsourcing file transfers or information storage? That’s how more than a dozen universities were hacked using information gained in a breach at transference and collaboration specialist Accellion. Using specialized software for fundraising? Hundreds of leading charitable organizations and trusts were too – and many of them were hacked because of a data breach at software provider BlackBaud.
No business can exist without others. Any organization that has information about your business could be putting your systems and data at risk. As the world becomes more interconnected and cloud-based, that risk is growing every year. New cyberattacks fueled by dark web data are adding to that risk too. At the start of 2020, an estimated 65% of the information already on the dark web could harm businesses, and 22 million more new records were added by the end of that year.
Reduce your company’s chance of damage from a third party or supply chain based attack by taking a few simple precautions. Add multifactor authentication to every account – Microsoft says that it stops 99% of password-based attacks. Increase phishing resistance training too. Much of the data that bad actors gain is used for spear phishing. Dark web monitoring helps reduce risk too by alerting you if any of your company’s protected credentials are exposed.
How about some good news? By following these tips, you’re not just increasing your company’s protection against third party and supply chain risk. You’re also boosting your organization’s overall cybersecurity posture against many other damaging risk like ransomware and account takeover as well as increasing your cyber resilience – and that delivers you some much-needed peace of mind.
Follow us on social media to find out about breach news, new blog posts, product updates, and other important news!