Carousell Data Breach Exposes Private Information

Carousell reports a data breach around 1.95 million Carousell user accounts, making up 39% of the total in Singapore were impacted but no password information leaked out – another cybercrime with a question mark on security again. 

Data Breach of Carousell

Email credentials and mobile phone numbers were exposed, but password information was saved when the Singapore-based e-commerce giant Carousel was hit by a data breach recently.

phishing, data breach, website defacement, ransomware

About data breach – The crucial data of users are taken away from the system without the knowledge of the owner which means the technical information or data saved in the system or cloud are stolen by someone without authorization of the owner.

Any organization or any individual can suffer a data breach. The nature of data or information can be of highly sensitive and confidential such as mail passwords, debit card or credit card numbers, business policies, or customer data.

Anyone at any point in time can be a victim of cybercrime where security takes a back seat and the cyber-thief or a thief are succeeded to extract all the saved information and transfers them to their own network.

Recent reports from the second happiest nation Denmark saw no bank robberies in 2022 due to their strong security measures such as a strong password management, patched network, endpoint protection and a protected security for all devices and so on.

In the world of contactless technologies and digital transition, it becomes crucial for any business organization to offer their services and products considering all the key aspects of data and data breach.

How to Respond to a Personal Data Breach

In this data driven world, all our transitions and interactions involve sharing our personal information on any ecommerce sites such as name, address, mobile number and email id or even the national id and tax proof; we believe that our data is safer in their hands and the usage is proper and legal.

instagram hacked

Hacking of Instagram account was amongst the most popular and we saw series of scams like updating KYC banks, Bluetooth pairing and even threat though a link on SMS.

So how to respond in case of a personal data breach.

  • First of all without getting panicking, you should analyze and observe what had happened, how did happen and is there any financial loss or it is all about your sensitive information such as password, credit card details and data, banking information, family contacts, photos or videos posted on social media platforms.
  • Raise a complaint online on the cyber cell portal and keep reviewing the updates. Provide all information required to help them catch your cyber-thief.
  • Keep monitoring any online activity and inform your organization so that the in house security team can set alerts for two step verification of your official account. 
  • Gather the evidence of the data breach and perform a risk assessment document for ready reference.
  • Send notification to all the regulators resulting in stopping additional data loss
  • A safer password manager tool to maintain passwords can be beneficial if the usage on ecommerce platform is on a higher side along with avoiding sharing credentials with anyone.

The COVID-19 pandemic has gifted us with hybrid working and workcation (work + vacation) in addition to working from home (WFH).

This shift from a secure office workplace to a shared home environment with no trust model for organizations has made it easier for cyber criminals to target home environments.

As such, it is your dual responsibility to protect both the system and the enterprise resources.

The cyber criminals are more professional and have the world as their target, with a creative mindset for an attack.

Do you have the creative mindset to secure yourself digitally? Let’s look at how businesses can respond in the event of a data breach.

How to Respond to a Data Breach as a Business

The most sought-out method for digitization and data-driven business decisions for revenue generation are to keep it safe and secure (KISS).

Virtualizing operations and cloud computing with the objective of optimizing stored data and end-point protection is essential.

Tools with vulnerability scanning and data analytics can provide insight into areas of focus in the event of a data breach. 

Related article: What is Data Vulnerability in Cybersecurity?

How many times have you read or referred to an old email in your inbox that needed an action later.

Or have you deleted those regular newsletters from HR for holidays, celebrations or a town hall webinar invites.

Redundant materials such as old emails and regular newsletters from HR / Market Updates should be deleted to avoid having a large amount of junk stored, which would require technical experts to retrieve lost data in the event of a data breach.

Regular habit of taking the data backup can lessen the damage of data breach in case it happens. 

Employees can be educated to take care of their online assets in and out of office. They can be enforced to react to a threat when occurred.

The IT Admin can educate them by sending out small videos on the employees’ Chat / groups and make them aware of the sophisticated virus or a malware attack.

Human error or negligence can easily infiltrate the system and the cyber criminals’ work becomes an easy task. 

Poor security habits like USB access of employee devices and unsecured WiFi connectivity can also cause a data breach thereby bringing down the reputation and brand image of a company with or without revenue loss. 

Device Security through app locks, screen locks, securing devices by installing security software with a real time scan enabled. 

Conclusion

To sum up, an organization should report the data breach without any delay and specifically within 72 hours as prescribed in the GDPR (General Data Protection Regulation).

Millions of records are compromised and it’s equally affects both businesses and its customers, impacting the users whose data are stolen.

To promote the accountability for handling data, everyone should share the responsibility to make data privacy and protection and foster a culture of security.

Improving of the traditional infra and investing on cloud migration with tight end security arsenal can also save the data and prevent in data breach. 

Check out for better cyber security solution.

Stay Vigilant. Stay Protected 

Related articles:

Top Cyber Security Threats in 2022/2023 Latest Predictions

9 Most Common Cyber Security Threats You Should Be Aware