Garrett O’Hara is the Chief Field Technologist, APAC at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies and is a regular industry commentator on the cyber security landscape, data assurance approaches and business continuity.
Even big chains aren't immune from attacks.
Water, tea and coffee are the most consumed beverages in the world, so it should not be a complete surprise that there are numerous large chains with multiple outlets providing the two stimulants on this list to ravenous consumers.
It seems that hackers are ready to exploit coffee and other high-street chains since several chains have been highly susceptible to cyberattacks and malicious code penetrating their IT security defenses.
Bakers Delight Not Happy
The Australian bread and snack chain was hit by a data breach in mid-2018. Having run a store competition using Typeform, a provider of hosted on-line surveys, it was advised some of its data “may” have been in a partial backup file accessed by attackers.
As a result of an internal investigation, Bakers Delight had to notify all its customers who had entered the competition, warning them that their data “may” have been accessed. (Other victims of the Typeform data breach included the Tasmanian Electoral commission, Australian Repbulican Movement and insurer IAG.)
Caribou Coffee Card Breach
In late 2018, the 11th largest coffee chain in the world, US-based Caribou Coffee, had 239 of its 603 outlets affected by unauthorised access of its point-of-sale (POS) systems.
The company was obliged to list all 239 stores, warning all customers who used a credit or debit card at any of them between August and December 2018, should consider their card details compromised and take precautions: getting a card replacement, reviewing their statements and enrolling in identity protection programs. The price of a cup of coffee just went up...
Dunkin’ Donuts Breach Highlights Another Challenge
Meanwhile, that other staple of an American breakfast-on-the-go, Dunkin’ Donuts, was hit in a less costly way than Caribou Coffee. But it does highlight a very critical byproduct of allowing a breach to happen in the first place; specifically, the concept of credential stuffing. In this case a single data breach compromising specific credentials can then be used to mimic other credentials in order to get seemingly approved credentials for access.
Dunkin' Donuts was not hacked itself; other companies were. But the attackers used the usernames and passwords they obtained to try to break into various online accounts across the Internet. Dunkin' Donut’s security stopped most of these attempts, but customers who used their DD Perks username and password for unrelated accounts were vulnerable, as hackers might have been able to log into some of these accounts.
Coffee & Muffins Preferred
Every Chief Information Security Officer and IT Security professional would prefer their morning coffee and guilty pleasure of a muffin or vanilla slice to investigating then remediating cyberattack damage and stolen credentials. Let alone breaking the news to the rest of the business and, potentially its customers.
Preventing malicious code from infiltrating your IT network requires instantaneous protection using modern evasion-proof, signature-less, patented technology to address today’s broad threat landscape without the overhead, guesswork, prediction or latency.
Whether in the form of ransomware, spyware, trojans, rootkits or any other type of malware yet to be defined, an effective solution will conclusively and in real-time detect, identify and block the malicious code from infiltrating your organisation.