Several million Californians discovered their personally identifiable information (PII) found on their motor vehicle registration records was stolen by a ransomware gang known as Cuba. The DMV contacted the massive number of drivers about the breach, letting them know their addresses, license plate numbers, and vehicle identification numbers (VIN) were compromised in the attack. The problem originally stemmed from a ransomware assault by Cuba on a third-party provider, Seattle-based Automatic Funds Transfer Services (AFTS). The company is used by the California DMV and other government entities for data management and other services including financial transactions.
The California DMV announced the hack may have close to 20 months of data on drivers in their state. States other than California, such as Washington state, made similar announcements to their affected citizens. Cuba publicly advertised the hack, posting “This site contains information about companies that did not want to cooperate with us. Part of the information is for sale, part is freely available. Have fun.”
Hacks and data breaches of third-party providers are a growing problem for those businesses who use their services. These services can include payment processing, customer data storage, cloud-based storage, and more. It’s important to remember that a company’s data is only as secure as that of the third-party holding it. Even worse, an attack puts the data of a client’s customers at risk, with customers ultimately paying the price for inept third-party data security.
Your Organization and Third-Party Data Security
For the good of all involved, there are suggestions for moving forward safely with a third-party provider. First, thorough vetting of an outside vendor is necessary to help ensure your company’s data is in safe hands. You should know about any hacking history and that the provider bolsters their own security with anti-malware software that is always updated. Doing any less could mean your company data is at risk.
Employee Cyber Education
Your employees are often the first line of defense against hacking efforts. Bad actors can bombard staff with email phishing and other ploys to worm their way into a data system. A cyber-smart employee can stop any number of attacks, including ransomware, before they start. As a result, providing ongoing cyber education to employees is well worth it. The hacking landscape can change and trend quickly, but definitely does over time. A staffer who knows how to spot the red flags of these cyberattacks can be an invaluable asset. Remember, the current and future success of your company can depend on having cyber-smart employees.