Kickstarter hit with data breach
In 2014, business owners who believe that data breaches aren't the norm are putting themselves at dire risk. If Target's example, where over 110 million American customers were exposed to hackers doesn't raise eyebrows, then consider Kickstarter's situation.
The crowdfunding website, which has helped mainstream and independent artists get money for new projects, proved to be vulnerable to attack. Since the site began in 2009, more than 56,000 projects have come to light.
Because many of these visitors are using credit card information to make their contribution to these causes, Kickstarter took this vulnerability into account by encrypting passwords with SHA-1 technology, according to a blog post from CEO Yancey Strickler.
"While no credit card data was accessed, some information about our customers was," the blog post reads. "Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords."
What makes this situation worrisome is that Kickstarer did have a disaster recovery strategy in mind, which included resetting credentials for those who logged in through Facebook and not storing complete credit card numbers. However, Kickstarter is unsure how many accounts were potentially exposed to the malicious attack, so Strickler recommends everyone to change their passwords to ensure tight security.
"We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come," Strickler wrote. "We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again."
Business continuity consultants can help business owners devise a strategy after a data breach. This way, executives know exactly what to do, instead of leaving stakeholders and customers awry during this difficult time.