Exploit: Accidental data exposure
PayMyTab: Hospitality payment platform
Risk to Small Business: 2 = Severe: Cybersecurity researchers located an unsecured Amazon Web Services bucket that contained the personal data for tens of thousands of PayMyTab users. Notably, the data packet was exposed because PayMyTab personnel failed to follow Amazon’s security protocols. Fortunately, the error was discovered by white hat hackers and was reported to the company, but the bucket had been exposed since July 2, 2018, giving bad actors plenty of time to locate and exploit the information first.
Individual Risk: 1.428 = Severe: User data was openly exposed to the internet, including customer names, email addresses, telephone numbers, order details, restaurant visit information, and the last four digits of payment card numbers. Those compromised by the breach should know that this information can be repurposed by cybercriminals to perpetuate other cybercrimes like phishing attacks. In addition, consider alerting your card issuer to the breach and ensure that your payment card information isn’t misused.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Understandably, SMBs sometimes fall short in funding cybersecurity initiatives, but compromises can stifle growth and innovation. This incident was an entirely avoidable mistake, and it’s one that could cost the company as it seeks to expand its customer base and capabilities. More than that, it’s a reminder that a great idea can be stymied by failing to account for the vulnerabilities that accompany improvements in user experience.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
