It’s that time of the year again… Yes, the holiday season. You’ll be buying gifts online and in stores, swiping and entering your credit card like it’s no big deal because you’re just trying to get those once-a-year deals…
But have you ever stopped to think about your security when you swipe your credit card at the checkout terminal or when you enter your credit card details into an online checkout? Probably not… You’re probably more concerned with getting through the long line or placing that order so it ships in time.
Well, you should be concerned. Data breaches don’t only happen during the holiday season but also year-round. And they’re becoming a huge problem as we get more and more connected online and to other smart devices.
We share a lot of personal information without blinking an eye. But more needs to be done to secure it. Companies that possess millions of people’s information should take extra precautions when it comes to safely securing user data.
Will We Ever Be Safe?
Recently, a broken U.S. Postal Service (USPS) application programming interface (API) exposed the information of more than 60 million users. And this allowed for a researcher to pull millions of rows of data by sending wildcard requests to the service.
The service in question is the USPS service Informed Delivery. This service allows for a person to view their mail before it arrives to their home.
Brian Krebs reported on the security breach and shared a copy of the API’s code on his site.
USPS told Krebs:
Computer networks are constantly under attack from criminals who try to exploit vulnerabilities to illegally obtain information. Similar to other companies, the Postal Service’s Information Security program and the Inspection Service uses industry best practices to constantly monitor our network for suspicious activity.
Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law.
If the USPS is using the best practices to monitor its networks for suspicious activity, why was there a breach in the first place? This shouldn’t be a matter of “we’re trying our best.” This is people’s important information that, when obtained, could be used against them in a way that would take a lot of effort on the individual’s part to fix.
In this instance, as Krebs reported, identity thieves could misuse the Informed Delivery service to see what mail is arriving at users’ homes so they can grab important documents and checks.
This is only one of the many of instances that have started popping up. And as soon as the holidays are over, we’ll be informed about other security breaches that just surfaced.
If technology or systems are unable to prevent hacks, then there needs to be more transparency from companies about disclosing information to their users about any security risks.
Keep all this in mind the next time you go online to buy something or the next time you enter your debit pin into the terminal at the register.
Until next time,
Pro Trader Today