Blog

Multinational Restaurant Chain Data Breach – Things You Should Know

mnc food chain
  • Over 18 Cr orders, details from a popular multinational restaurant chain are exposed on the dark web.
  • Surprisingly, the breached data includes all the details related to the customer orders, including the names, email addresses, mobile numbers, real-time locations, and much more.
  • How to prevent such high-impact data breaches?
  • SISA’s cybersecurity tips for your organization.

How was this top-tier data breach informed?

A well-known restaurant chain has become the latest victim of a critical data breach, exposing 13 TB data, including the details of 18 crore orders.

This multinational restaurant chain has already been a victim of a major data breach, wherein about 10 lakhs customers’ and internal employees’ data were leaked. The reoccurrence of the breach has acted as a whistle-blower for the industry’s data security standards.

The initial details of the breach were released on 16th April 2021 as the threat actor announced on a forum stating that they have downloaded 13 TB of data including details of customers and employees. Additionally, the attacker also highlighted that they acquired around 1 million credit card details used to place orders via the application.

 

Impact of sensitive data breach on organizations

The major concern for executives of the restaurant chain is that the threat actor was selling the breached data for around 10 BTC, which is roughly around Rs. 4.25 Cr ($569,000) at current market rates. Moreover, the threat actor also aims to develop a search portal where the users can inquire about any of the leaked data.

It has been recorded that in the first half of 2021 itself, several top-reputed companies have fallen into the trap of cyberattacks. In most cases of data breaches, businesses face damaging consequences including costs for compensating affected customers, investigating the breach, legal litigations and regulatory penalties.

 

Securing sensitive data from cyber threats

This multinational restaurant chain data breach is not going to be the last target of the attackers. In order to prevent future data breaches, businesses must be prepared to take a holistic approach that covers all aspects of businesses from protecting critical data assets to detecting threats and responding to security incidents.

  1. Frequently update your software for bug fixes and security upgrades: Organizations need to keep the latest version of the software in use, which strengthens the security system and helps protect your system from new/existing vulnerabilities.

  2. Follow multifactor authentication: Multifactor authentication/two-factor authentication adds an additional security layer to the password management system. By implementing this authentication factor, apart from entering a username and password, the user has to provide one more additional authentication data, which can be a personal identification code or any other security question.

  3. Educate your workforce regarding phishing attacks and how to prevent them: Phishing attacks are considered as one of the top security threats. With over 3 billion phishing emails sent per day, hackers are tricking employees by attaching malicious links to get the organizations’ authorized data, be it the credentials or valuable information.  The best way to tackle such phishing threats is to educate the workforce about patterns of attack and train them to handle such events.
  4. Get your system assessment done by certified security professionals: The benefits of security assessment are immense.
    • It proactively identifies any security threat present in your system.
    • By conducting penetration testing, it pinpoints your system’s critical threat points and security gaps.
    • Test and identify the web application vulnerabilities.
    • Security policy validations help your organization improve the risk management process and provides a roadmap to identify the breach points and fix it.

 

If these realities of data breaches do scare you, the best way to start the journey of securing sensitive data is to assess your current security posture and then build your defense capabilities.