CTC’s December 2018 Threat Report

When a cybersecurity issue arises, reaction time matters. Yet in recent news:

  • A government agency let a known problem sit for an entire year
  • A popular retailer swiftly addressed the issue but communicated poorly to affected users.

Both issues go away with the right team backing you up. A team led, hopefully, by someone who uses a computer. (Check out our last item for that.)

USPS’s API Cybersecurity Stumble

An application programming interface (API) vulnerability exposed the data of 60 million United States Postal Service (USPS) customers to anyone with a USPS.com account.

Information available through the vulnerability included users’:

  • Usernames and user IDs
  • Account numbers
  • Email addresses
  • Street addresses
  • Phone numbers
  • Mailing campaign data

Worse than the vulnerability itself? The fact that a researcher alerted the USPS to the issue a year ago. Only when contacted by a journalist recently did the service address the issue. Fixing the problem took only two days.

As TheVerge.com points out, attempts to modernize the USPS haven’t gone smoothly. “In 2014, a hack affected 800,000 USPS employees and 2.9 million records of customer service inquiries.”

They’re not alone in scrambling over IT issues while positioning their organization for a fast-developing future. If you’re having similar issues, having the right support can make all the difference in the world. Or, in this instance, 60 million differences.

Amazon Suffers Pre-Black Friday Black Eye

Even companies born in the digital age — born as a result of the digital age, no less — must work hard to keep pace with cybersecurity threats.

A few days before Black Friday, Amazon suffered a significant data breach that exposed the names and email addresses of an undisclosed number of users.

It appears to be the first time the online retailer has disclosed such an incident in the post-general data protection regulation (GDPR) world of the UK.

Amazon’s response was to downplay the issue. In a letter to affected customers, it wrote: “The issue has been fixed. [T]here is no need for you to change your password or take any other action.”

Cybersecurity expert Richard Walters, quoted by The Guardian, offered better advice: users should strongly consider changing their passwords.

Do You Have the Cybersecurity Experience and Support You Need?

CTC Technologies is fortunate to field a stellar team of IT professionals. Nowadays, it’s difficult for some companies to develop the deep bench we — and our clients — enjoy in the fight to dispel cybersecurity threats.

Japan one-upped everyone recently, however. It turns out that the nation’s cybersecurity minister lacks credentials most fifth-graders boast. That’s because Japan’s cybersecurity minister has never used a computer.

Now is a bad time for Japan, your company, or anyone else to sacrifice fundamental IT protections. Protect your company by following clearly delineated guidelines for IT vendor selection.

If you’re not sure where you stand right now, we can help by auditing your current system and designing an approach that fits your enterprise’s specific needs. Simply reach out to us online or call us at 734-408-0200. We’re ready today to help you combat the cyber threats that arise daily.  

P.S. Make sure you follow us on Twitter and Facebook for security updates, as well.