Tuesday: Crimes and Consequences
Sounds like it ought to be a game show, doesn't it? Sadly, it's today's state-of-affairs in the cyber-security and cyber-insurance space.
Let's begin with the "crimes" part. Just out from ZDNet: "AeroGrow discloses data breach, card skimming malware blamed."
What makes this breach noteworthy, we think, is that it was a card-skimming type of breach and it wasn't discovered for four months after it began.
"On March 4, 2019, AeroGrowlearned that an unauthorized person may have acquired, through the use of malicious code, the payment card information that users entered into the eCommerce vendor’s payment page. Upon learning of the incident, we immediately removed the malicious code and secured the website. We are writing to you because our investigation indicates that the payment card information you submitted to the eCommerce vendor’s payment page may have been compromised. This malicious code may have been present on our website between October 29, 2018, and March 4, 2019."
The number of persons or transactions involved was not immediately known.
On the Costs Front, Meanwhile...
Here's another one we're tracking here at the Cyber-Armada be cause it will eventually contribute to our metrics on costs of breaches:
What is not clear is whether the settlement will be accepted as it may have involved upwards of 200-million users in both the U.S. and Israel.
We anticipate that Yahoo would argue that it's costs of credit monitoring for victims and so forth will be a much larger number than $117.5-million. But, recently PII (personally-identifiable information) cases have been settling at close to $100/per record.
We'll be tracking this one closely.
If you worry about your company's exposure to a data breach, get a free risk assessment from your Cyber-Armada specialist.
Don't have one? Click here to rectify that shortcoming, right now.