Exploit: Malware attack
DeBella’s Subs: Rochester-based restaurant chain
Risk to Small Business: 2 = Severe: Credential stealing malware was discovered in the restaurant chain’s information systems almost a year after the initial incident. However, the company acknowledged that the breach investigation was completed well before the company notified the public, a misstep that will undoubtedly mar the recovery process. The company is taking steps to ensure that this type of attack won’t be successful in the future, but that won’t help the hundreds of thousands impacted by this data breach.
Individual Risk: : 2.428 = Severe: Customers’ personal and financial data may have been compromised in the breach. This includes names, payment card numbers, expiration dates, and CVV numbers. The breach is limited to customers in Connecticut, Indiana, Michigan, Ohio, New York, and Pennsylvania between March 22, 2018 and December 28, 2018. Although the damage resulting from the data exposure may already been inflicted, those impacted should still take necessary precautions such as contacting their financial institutions and reviewing card histories to check for unauthorized charges.
Customers Impacted: 305,000
How it Could Affect Your Customers’ Business: Reputation management and restoration is a critical component of an effective data breach response plan. Although it’s more difficult to quantify than direct financial losses, reputational damage can be extremely problematic for any company and even place their ability to recover in jeopardy. Instead, providing timely communications and a comprehensive overview of what happens to customer data after it’s stolen can help companies demonstrate that they are serious about data security, helping restore customer confidence along the way.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
