The JM Bullion data breach could easily be the most expensive data breach. How can we call this one of the biggest data breaches in history? Read more below to find out.
JM Bullion, a renowned dealer in gold, silver, copper, platinum and palladium, was the victim of a cyber-attack. The company remained unaware of the data breach for a long period of time. The cyber-attack took place sometime in February this year. However, due to a lack of security checks in place, the attack was not discovered until July this year. This allowed the hackers to collect information on the dealer and its clients and hold on to it for a long period of time before it was revealed to the public.
Such a delay reduces the effectiveness of any response measures and corrective actions. The nature of the goods in question makes the attack one of the most expensive yet. Precious metals and elements are considered an investment and a collector's choice by many around the world.
This type of attack is known as Magecart and works by placing lines of malicious JavaScript code into a website. The website developers remain unaware of the added lines and nobody realises that data is being siphoned out of the company. Then, whenever an individual enters payment information, the code diverts it to an external server operated by the hacker. This opens the database of the company and all its clients to major exposure.
The hackers were able to continue this activity for months. This left the company with little control over the damage done through its own code. “On July 6, 2020, JM Bullion was alerted to suspicious activity on its website. JM Bullion immediately began an investigation, with the assistance of a third-party forensic specialist, to assess the nature and scope of the incident,” a notice sent to JM Bullion customers read.
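One way to catch the kind of unnoticed script addition described above is to audit the payment page's script tags against a reviewed baseline on every deploy and on a schedule. The following is an added example, not code from JM Bullion or Seers; the host names, the sample page and the `audit` helper are assumptions made for the illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"shop.example", "cdn.shop.example"}  # assumed policy for this example

def sri_hash(text):  # 'sha384-<base64>' form used by SRI and CSP
    return "sha384-" + base64.b64encode(hashlib.sha384(text.encode()).digest()).decode()

class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts, self._body = [], None  # (src, integrity, inline_body) tuples
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append((attrs["src"], attrs.get("integrity"), None))
        elif tag == "script":
            self._body = []  # start buffering an inline script
    def handle_data(self, data):
        if self._body is not None:
            self._body.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._body is not None:
            self.scripts.append((None, None, "".join(self._body)))
            self._body = None

def audit(html, page_host, approved_inline):
    """Return (finding, detail) pairs for scripts outside the reviewed baseline."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src, integrity, body in parser.scripts:
        host = (urlparse(src).hostname or page_host) if src else None
        if src is None and sri_hash(body) not in approved_inline:
            findings.append(("unapproved-inline", sri_hash(body)))
        elif src and host not in ALLOWED_HOSTS:
            findings.append(("unexpected-host", src))
        elif src and host != page_host and not integrity:
            findings.append(("missing-sri", src))
    return findings

# Constructed sample page: the last two tags stand in for unreviewed additions.
SAMPLE = ('<script src="/js/checkout.js"></script><script>initCart();</script>'
          '<script src="https://cdn.shop.example/lib.js"></script>'
          '<script src="//static.unlisted.example/a.js"></script>'
          '<script>/* not in baseline */</script>')
```

Calling `audit(SAMPLE, "shop.example", {sri_hash("initCart();")})` reports the CDN script served without an integrity attribute, the script from a host outside the allowlist, and the inline block whose hash was never reviewed.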
How can Seers help?
Well, once the data is stolen, little can be done other than regularly changing and maintaining passwords and codes. As a privacy and consent management platform, Seers can ensure that you are following best practices and are protected and compliant with data privacy regulations through the use of its digital solutions:
- Keep your devices protected online with high-quality antivirus software
- Use safe sites that engage with the best protection software
- Practice good password rotation and security practices that help prevent identity theft
- Perform cyber secure and GDPR assessments regularly
As a company, we may be able to help you through our privacy experts service to audit and analyse security levels for the data you hold. Seers can also make recommendations on improved privacy and security compliance strategies for businesses. Alternatively, you can also book a consultation with our privacy expert at Seers.
Stay safe, stay protected and free from cyber-attacks!