Contents:
The Canadian airport parking company revealed that the Park’N Fly data breach impacted the data of 1 million customers.
An unauthorized third party breached their network between July 11 and July 13. According to the company’s note to the impacted clients, the attackers used remote VPN access to infiltrate the network. The IT team discovered the breach had impacted the customers’ private data two weeks later, on August 1st.
Source – Bleeping Computer
The data compromised in the Park’nFly data breach
Park’nFly said that the hackers didn’t get access to any financial or payment card information. What they were able to seize was:
- full names
- email addresses
- physical addresses
- aeroplan number
- CAA numbers
While these are usually public data, threat actors can correlate and use them in cybercrime. Some of the most common risks are phishing attacks, smishing and social engineering. The impacted persons should consider changing their passwords and staying alert for phishing attempts.
Security measures against data breaches
After discovering the incident, the company said they took additional technical and administrative steps to bolster their security posture. In their note to customers, Park’nFly said they’ve increased security surveillance and updated their antivirus throughout the network.
For better data protection, companies should consider following a layered defense strategy. Here are some of the measures you should take to protect data integrity:
- Use strong passwords and multi-factor authentication
- Enforce the principles of least privilege and just in time access to limit who can access sensitive databases. See how Heimdal’s Privileged Access Management suite can help you secure privileged access and avoid data breaches
- Use end-to-end encryption to protect data in transit
- Implement a DNS filtering solution to detect and block malicious communication
- Patch known vulnerabilities that hackers could exploit to breach your system. Yes, there are thousands of CVEs, but an automated patch management tool can help you with that.
- Secure remote access and enforce a strong BYOD policy
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.