One of the basic problems with collecting a lot of data is that you need a place to store it, and if it’s sensitive data, you need to store it securely. Unfortunately for everyone, the amount of private data all companies are amassing on their customers is accelerating as everyone (except the customers) realizes just how lucrative this practice is. Or, as is the case for more and more companies who get breached, how costly it may end up being if they can’t keep that data safe, as both party-planning website Evite and United States Customs and Border Protection owned up to this week.
What this means for you
While US CBP has not officially released information on the scope of their leak, sources have confirmed that facial recognition data and license plates for up to 100k individuals crossing the Canadian border were stolen from a CBP subcontractor who was storing and using the data outside of the CBP network on their own systems, which were then breached by an as yet unknown attacker.
In the case of the Evite breach, the website was actually notified several months ago that they had been compromised, but only just now acknowledged that customer data from 2013 was stolen in a breach that appears to have happened in February of this year. No financial information was leaked, but names, emails, IP addresses and passwords were definitely stolen and made available for purchase on the dark web in April.
As is typically the case in these types of breaches, there is not a lot you can do as an individual. Evite, of course, has supposedly notified affected individuals of the breach, and is encouraging all users to reset their passwords as a matter of course. And if you happened to be one of the 100k or so individuals passing through a particular Canadian border crossing which is as yet unnamed, you might never know if your data was part of this particular breach.
