[BreachExchange] Live Event Manufacturer Reveals Employee Data Breach

Destry Winant destry at riskbasedsecurity.com
Mon Jun 15 10:27:55 EDT 2020


https://www.infosecurity-magazine.com/news/live-event-manufacturer-employee/

A major manufacturing company for live events has disclosed a data
breach affecting the personal and financial information of its
employees.

Tait Towers Manufacturing produces rigging, lighting and other
equipment for concerts, theatrical performances and the like. It
claims to have worked on many of the highest-grossing concert tours of
all time.

The US-headquartered multinational waited nearly two months before
last week disclosing an incident which was detected on April 6, but
began on February 16. The firm said an unauthorized third party had
accessed a server and some employee email accounts.

It has since reset server and email logins to remediate the incident
and deployed multi-factor authentication and endpoint monitoring
systems to improve safeguards for the future.

Among the compromised information are employee names, addresses, email
addresses, dates of birth and Social Security numbers or financial
account numbers.

Although the company said it has “no reason to believe that any of the
information maintained in the server and email accounts was misused,”
the data would be tactically useful for cyber-criminals in developing
phishing campaigns and/or follow-on fraud.

Tait has urged clients, employees and vendors to monitor their
financial accounts for any unusual activity while it completes its
investigation into the incident. It is also offering the usual free
credit monitoring to affected employees.

“Many data breaches like the Tait breach are caused by employees and
executives opening attachments or clicking links in emails from an
unidentified third-party sender,” argued Chris Hauk, consumer privacy
champion at Pixel Privacy.

“Educating employees about the risks of indiscriminate link clicking
has never been more important than it is in today's always-connected
world.”


More information about the BreachExchange mailing list