Thinkful E-learning website hacked after being acquired by Chegg
Exploit: Unauthorized database access Restaurant Depot: E-learning website for developers
Risk to Small Business: 2.333 = Severe: By leveraging an employee’s stolen credentials, an unauthorized third party was able to access the company’s database. While sensitive data, such as social security information, was not exposed, it’s possible that other personal information was accessed. In response, Thinkful has notified its users of the data breach, and is requiring password resets on all accounts. While the company wrote to its users that it is taking additional steps to enhance security, these efforts will not help those whose credentials were already compromised in the breach. This incident follows on the heels of the company being acquired by Chegg.
Individual Risk: 2.142 = Severe: Any recipient who paid a fraudulent invoice has compromised their personally identifiable information and their payment data. However, even for those that delete the message, it’s likely that their information was obtained through a different data breach, and they should closely examine their credentials for other potential misuses. In some cases, credit or identity monitoring services might be required to ensure their data’s long-term integrity.
Customers Impacted: Unknown How it Could Affect Your Customers’ Business: Thinkful’s data breach announcement is especially problematic since it immediately followed news that the company was being acquired by Chegg. It’s unclear how this cybersecurity incident will impact the deal, but cybercriminals often target small companies before an acquisition, hoping to infiltrate their IT infrastructure before coming under the protection of the larger, more robust system of their new parent company. Therefore, businesses must consider cybersecurity as both a moral imperative and a financial necessity, especially in the realm of mergers and acquisitions.