On February 16 of this year, Decathlon Group, one of the mainstays of the worldwide sports retail sector, had to face a major challenge. Its offices in Spain, and to a lesser extent, its UK headquarters, were hit by a data breach.
The leak had been detected four days earlier, on Wednesday February 12, by an external company, which decided to warn the business group once it had analyzed all the material that had been found. Not only was Decathlon’s private information at risk, but so too was its customers’ data, along with the company’s reputation and brand image.
123 million records
The company discovered that the breach had exposed 123 million records from a Spanish server, most likely along with information from the group’s British division. The report by the technicians who found the breach indicated that the leaked data included employees’ unencrypted usernames and passwords, Social Security and phone numbers, home and email addresses, and emails from customers of the international group, along with other data included in the final report. In total, 9GB of private information was leaked from the Decathlon Group. In addition, the possibility that there had already been previous leaks, or that there would be new leaks affecting other international divisions of Decathlon, has not been ruled out.
A hook for other crimes
The leak that the company suffered could have a range of consequences, most of which are related to identity theft:
A.- Phishing. When a cyberattacker has the login details for an email account, the owner of that account may become a victim. More likely, however, the targets will be the owner’s workmates and managers, as the attacker will be able to use the compromised email address to trick them and endanger the company’s IT security.
B.- Identity theft. Identity theft is one of the most common attacks in cybercrime. The attacker could use the stolen credentials to impersonate a specific employee, their colleagues, or even a manager. In this case, there is one risk that is of particular importance: so-called CEO fraud, where the cybercriminal could pose as a director and order, for example, unlawful bank transfers.
C.- Information theft. An indirect consequence, but a highly important one. If the cybercriminal manages to pull off any of the above steps, they will have access to a great deal of privileged information within the company they have attacked, which they will be able to sell, or at least use for their own ends.
D.- Economic cost. There is always a price to pay for any theft. This price could be anything from having to pay sanctions under data protection regulations, to the loss of trust caused by reputational damage.
How to avoid data breaches
In order for organizations to be able to avoid vulnerabilities and incidents such as those we’ve discussed here, it is advisable to adopt two strategic measures:
1.- Analytics. Reacting after the fact is never a good way to avoid cyberattacks or breaches. To get ahead of cybercrime, a company needs to monitor any kind of process that is running on all its endpoints at all times.
2.- Custody. A company’s sensitive data, as well as that of its employees, customers, and other parties linked to the organization, must have a special, compartmental custody applied to it, so that, in the event of an incident, it can be blocked quickly.
At Cytomic, we apply scalable data analytics through the Security Data Analytics paradigm, which expands and accelerates the reduction of the attack surface and the prevention and detection of, and response to, cyberattacks of any kind, carried out with any kind of known or unknown malware, ransomware, APTs, or Living-off-the-Land techniques. What’s more, to ensure that organizations’ private and sensitive information is properly protected, Cytomic clients have access to Cytomic Data Watch, which monitors files on all devices to search for personal and sensitive data, and allows files to be deleted from a single console to mitigate any risk.
Ultimately, it is essential to understand that a data breach doesn’t just affect the company that it hits. It also affects the organization’s reputation, as well as the lives of its employees, shareholders, and even its customers. All of this means that preventing, avoiding and mitigating incidents of this kind as far as possible is the best way to stop serious crises with reputational and financial consequences.