How Deep Can a Data Breach Go?
The recent data breach of genetic testing company 23andMe reveals just how far and deep the effects of a data breach can extend. The hackers stole the names, addresses, phone numbers and social security numbers of more than 6 million customers. This information could have been used for phishing attacks, credit card fraud and even tax identity theft. It may also have been used to infiltrate accounts on other online services where consumers reuse the same usernames and passwords.
In addition to financial losses, a data breach often brings about legal trouble, regulatory fines and a profound loss of consumer trust. It can also impact the stock price and valuation of a business.
Attackers are always seeking new ways to gain access to sensitive corporate data and credentials. They may steal physical devices such as laptops and mobile phones from employees who are working remotely or traveling, or they may compromise user accounts or systems to infiltrate and expose data. Once inside the network, attackers typically use privilege escalation and lateral movement to improve their position within the system and locate the desired data. They then exfiltrate the data for sale or use, destroy it, or lock up the information to demand ransom.
Companies must act quickly to contain the attack, notify affected individuals and remediate vulnerabilities. This requires working with forensic investigators and outside legal counsel with privacy and data security expertise. These specialists can help identify the source of the breach and help the company meet the requirements of breach notification laws.