Graeter’s Ice Cream: Regional ice cream brand based in Cincinnati.
Risk to Small Business: Severe: After discovering the potential breach, the ice cream chain was forced to notify approximately 12,000 customers, informing them that their personal and payment information may have been compromised. Malicious code was inserted into the company website’s checkout page between June 28, 2018 and December 18, 2018, but the investigation has still not definitively established whether any customer data was actually stolen. Nevertheless, customers are upset by the uncertainty surrounding the breach, and the brand will reluctantly have to undergo security process improvements that will cost additional time and money.
Individual Risk: Severe: The malware was capable of copying any data entered during the checkout process, including personal details (names, addresses, phone numbers, fax numbers) and financial information (card types, numbers, expiration dates, and card verification codes). With this in hand, attackers can commit payment fraud or build data profiles for sale on the Dark Web.
Customers Impacted: Approximately 12,000
How it Could Affect You: Because Graeter’s is still unsure whether the malware was able to siphon payment data, the situation can quickly become frightening and frustrating for the end user. The ambiguity leaves customers combing through their statements and wondering whether they have been defrauded, and makes them think twice before doing business on a checkout page that has previously been breached.
In Other News:
GDPR Update: 95,000 Data Breach Complaints Since Adoption
Since the widely anticipated entry into force of the EU privacy law known as the General Data Protection Regulation (GDPR), regulators have received over 95,000 complaints of possible data breaches within an eight-month period.
As you may already know, GDPR enables privacy enforcers to levy fines of up to 4 percent of global revenue or 20 million euros ($23 million), whichever is higher. Just last week, the French data protection watchdog imposed a fine of 50M euros on Alphabet-owned Google over allegations that it failed to obtain user consent for personalized ads, the largest GDPR sanction to date. As more penalties are issued, organizations must consult experts to ensure that they are adhering to the stringent regulations for protecting EU consumers.
So far, most complaints have related to telemarketing, promotional emails, and video surveillance by closed-circuit television (CCTV).