Another major company has announced that it has fallen victim to a major data breach. Alarmingly, it was internet service, phone and cable provider Altice USA that was the data breach target through an attack executed via an extremely common malicious email technique.
Criminals used a phishing email that was sent to an Altice employee in Long Island, New York. When the employee clicked on a link, it gave thieves access that enabled them to download the Social Security numbers, birth dates and other personal information of all 12,000 current employees, as well as a number of former employees and customers across the 21 states it serves.
Data Breaches through Phishing Emails
What makes this data breach alarming is that phishing email attacks—like the one that was usedto initiate this break in and theft—are exceedingly common. The average U.S. employee gets 16 malicious emails a month. Without training and software that protects email, it is only a matter of time before one of those emails wreaks havoc.
Suchdata breach attacks are exceedingly costly:
- Altice had to hire a computer forensics company to figure out what happened and determine the extent of the damage.
- It has paid to train employees on how to better recognize a malicious email and what to do with suspect email.
- The company must cover the cost of credit monitoring services for everyone compromised.
- As a New York company, Altice is subject to the new SHIELD Act [link to this article on your site]that imposes fines and other legal obligations.
And it doesn’t stop there. Add in the damage to the brand, and you have a major loss; one that was extremely preventable.
Phishing Email Data Breaches Are Preventable
Phishing email attacks that initiate data breaches are indeed preventable. Solutions are available that scan inbound email traffic in real-time. These solutions compare incoming emails against black listed entities, scrape and analyze the emails for malicious links and attachments, quarantine suspected emails, and then detonate them in protected spaces not connected to networks where they can do no harm. The most sophisticated systems use machine learning to enhance threat detection.
Because phishing, spoofing, malware, and other threats require human participation, the best systems provide warnings as to the presence and nature of threats. Training on how to recognize and respond to malicious email attacks is a vital part of protecting systems, data, employees and customers.
Also Protect What You Send
Criminals are looking to break into the emails you send, too. Your outgoing email traffic is equally at risk for data breaches as the email your company sends. Solutions that encrypt outgoing mail, even on mobile devices, provide a needed layer of security.
As we were wrapping up this article late this afternoon, it was announced that Altice is now the subject of a class action lawsuit. The suit filed today is likely the first of manyfor Altice following this data breach. Unfortunately for Altice, the costs keep mounting—all from a data breach initiated through email that was preventable with a small investment in software and training.
Try Trustifi Today
Our Free Trial Is Forever Free
See if Trustifi Is Right for Your Organization