[BreachExchange] Gumtree hack a reminder for SMEs not to have a “set and forget” mentality when it comes to online security

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 3 21:20:51 EDT 2016


http://www.smartcompany.com.au/technology/68345-gumtree-hack-a-reminder-for-smes-not-to-have-a-set-and-forget-mentality-when-it-comes-to-online-security-experts/

Gumtree’s recent security breach should serve as a reminder to small
businesses that they can’t have a “set and forget” mentality when it comes
to protecting customer data, according to experts.

Late last month online marketplace Gumtree revealed how some of its users’
information was compromised during a security attack.

Hackers gained access to people’s names, email addresses, and phone numbers.

However, customers were told their passwords and payment details were not
accessed.

A spokesperson for Gumtree told SmartCompany the incident was resolved
“within minutes” and was an isolated event.

“We’ve since taken extra steps to protect user information,” the
spokesperson said in a statement.

“The affected users, privacy regulators and the Australian Federal Police
have been notified.

“Safety and security of our community remains our number one priority and
we continue to educate our users about staying safe online and identifying
potential scams or phishing attempts from fraudulent parties.”

Security expert Michael McKinnon told SmartCompany Gumtree alerting its
customers to a data breach is best practice.

“There is still – in this country and many other parts of the world – often
no legal obligation to have to disclose a breach,” McKinnon says.

“There are a lot of companies today that are getting hacked that we never
hear about. But if you’re looking at the long-term reputation of your
business, disclosing a breach is always the preferred outcome.”

David Markus, founder of IT services company Combo, told SmartCompany this
incident serves as a timely reminder for small business owners to put
customer security first.

“What we can see in SMEs is this set and forget mentality,” Markus says.

“If they put in a firewall, it was put in years ago and it hasn’t been
maintained since. It’s key that people make use of the functionalities and
security of the tools that are out there. If you’re going to go to the
cloud, choose A-grade providers.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160503/7ee8f3ad/attachment.html>


More information about the BreachExchange mailing list