Experts Reaction On Staples Data Breach

Free Services to help you during COVID-19 Learn More

Support Request a Demo Contact Us Blog

by Security Experts | informationsecuritybuzz.com »

Staples has informed some customers that data relating to their orders has been accessed without permission, but dubbed the data as ‘Non-sensitive” according to researcher Troy Hunt. Cybersecurity experts reacted below.

EXPERTS COMMENTS
Saryu Nayyar

| September 15, 2020

 Saryu Nayyar, CEO, Gurucul

In this day and age, there is very little information that can’t be leveraged in some way for nefarious purposes.

“While the Staples breach appears to be “low impact” in that no sensitive customer information was released, even supposedly non-sensitive information can be leveraged by a savvy attacker. Knowing what a person or business has ordered, and when, can be just the hook an threat actor needs to formulate an effective phishing email or other social engineering attack. In this day and age, there is very little information that can’t be leveraged in some way for nefarious purposes.”

 

| September 15, 2020

Chloé Messdaghi, VP of Strategy, Point3 Security

We don’t know how the breach happened but we do know that this is the exact kind of data that can be used maliciously.

“For Staples to say that customer order data is non-sensitive is ridiculous. Any social engineer attacker can use that type of data for a phone phishing campaign like this: ‘When you bought (name of purchased product) under xxxxxxxxxxxx confirmation number, we seem to have overcharged you. Can you please provide your full details of the credit card on file with the xxxx last four digits, so I can get that refund for you?’

We don’t know how the breach happened but we do know that this is the exact kind of data that can be used maliciously.”

 

External Link: Experts Reaction On Staples Data Breach

Share this page:

Related Posts