Question

Week 16

E-businesses tend to store vast amount of customer data including emails, DOBs, Credit card information, and other critical personal information. It is important that such businesses spend the required budget on security to protect customer data. In the past several years, many companies have been hacked and millions of customers’ data have been compromised. List two e-businesses whose data have been compromised due to the lack of a robust secure system to protect customers. List and elaborate.

BUS 368 classmates, please do not use the same answer.

BUS 368 classmates, please do not use the same answer.

BUS 368 classmates, please do not use the same answer.

11/28/18

Answer 1

• British airways-Website and the online booking had a data breach in from August 21, 2018, to September 5, 2018. There was a data breach affecting 380,000 payment cards. The data breach compromised the personal and financial details of people making a booking on ba.com and the airline's app during this period. British Airways were contacting all customers to contact the banks and change their passwords to protect themselves. The British Airways also requested the customers to be wary of any scam emails. The prime reason was credit card skimming malware which was installed on the British Airways website by the hackers. It was popularly known as “just 22 lines of malicious javascript”hacked the website.
• Yahoo has data breach where they estimated the personal information and data of 3 billion users had been compromised. The breach included people names, passwords, date of birth and email address. The breach impacted Yahoo valuation by $ 350 million. The hacking was done by sending a single spear-phishing email with a link to a user in Yahoo office. As soon as mail was accessed the malware was downloaded on the network.

Belan the Russian hacker created a backdoor into the server, which gave him access to yahoo internal control center for Yahoo email accounts. He copied and exported a copy of the backup data from where he gained information about people and their personal details. He later created duplicate credentials to forge data and tricked yahoo servers to recognize them as account holders. Data was used to target Russian journalist, Russian cybersecurity employees, and officials.