Exploit: Unauthorized database access
TOMS: Designer and producer of shoes, eyewear, coffee, apparel, and handbags
Risk to Small Business: 2.333 = Severe: In an unusual cybersecurity incident, a hacker hijacked the mailing list for TOMS and sent a message encouraging customers to log off their devices and enjoy the outdoors. The message was not malicious in nature, but the hacker admitted that he accessed the platform for a significant time period before sending the email. The hacker also ridiculed bad actors, describing their actions in obscene language sent to TOMS customers. Fortunately, the hacker didn’t disrupt any other elements of TOMS’ IT infrastructure, but his actions highlight the company’s weak cybersecurity standards, which could negatively impact the company on many fronts.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Today’s customers value cybersecurity as highly as any other component of a company. This incident broadly publicized the company’s shortcomings, inviting media and customer scrutiny and serving as a warning for other companies to protect their IT environment at every level. This time, the breach was merely embarrassing, but the next one could be devastating.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
