True Fire, a Florida-based company that provides guitar lessons through the Internet, recently experienced a major data breach.
The breach was first discovered on January 10, 2020, which was a full six months after the unauthorized actors gained access to the company’s computer system.
On March 9, 2020, Ren Wright, the Chief Customer Officer of True Fire, sent out a letter alerting users that their data may have been compromised. Anyone who submitted a payment through the True Fire website between the dates of August 3, 2019, and January 14, 2020, could have been affected by the breach.
According to Wright, the unauthorized party could have gained access to detailed information about True Fire users, including their names and physical addresses, as well as their payment card account numbers, security codes, and expiration dates.
Users were advised to carefully check their payment card statements for any suspicious or unusual charges or activity. Unlike other companies that have experienced similar data breaches in the past, True Fire did not offer to provide free credit monitoring services for affected users. Instead, users were advised to keep a close eye on their future statements to ensure that no new unauthorized activity appeared.
Payment information for customers is not stored on the company’s computer system. Instead, it is believed that the unauthorized party could have accessed and stolen the data in real-time as users submitted purchases through the website.
The company did not provide information about how the breach was identified. They did say, however, that law enforcement officials had been notified. According to the company, they are also currently working with specialists in computer forensics to discover more details about the unauthorized access.
It is unclear why users were not notified of the breach until March 9, even though it was first identified on January 10. As of right now, the company has not published any information about the data breach on its website.
Protection Against Data Breaches
Although every case is different, data breaches like these are often the result of human error. Phishing emails are commonly sent to employees by outside actors with malicious intent. If these emails are not handled correctly, these actors could gain access to the company’s computer system. Once inside, they could steal everything from sensitive company data to customer payment information.
The best way to defend against attacks like these is by ensuring that all employees are properly trained in how to identify and handle phishing emails and other cybersecurity threats.
Hook Security’s Phishing Testing and Cyber Security Awareness Training is designed to help employees adopt safer practices that minimize the risk of data breaches or other cybersecurity issues. This type of training is essential for today’s companies. Data breaches can be devastating for businesses. When a breach occurs, customers lose trust in the company, causing them to take their business elsewhere. This can lead to a major loss in revenue. Proper training can help prevent issues like these, minimizing the risk of data breaches for companies of all sizes.