Cyber Essentials 2022 Major Updates Businesses Need to Know
Cyber Essentials is a government backed scheme which was launched in 2014 to allow enterprises to protect themselves against cyber-attacks. It shields businesses within various
- Remote Support
- Client Portal
- Call us: 03301913473
The PDL Data breach in brief
The People Data Labs PDL Data breach was first discovered by Security Researchers, Vinnie Troia and Bob Diachenko in October 2019. 1.2 billion personal data records (totalling 4.2 terabytes) were freely accessible via an insecure server on the Dark Web. The source of part of this data set was traced to People Data Labs (PDL), a data broker based in San Francisco. PDL lists that it has over 1.5 billion people’s data for sale including more than a billion email addresses and 400 million phone numbers.
What data was leaked in the PDL breach?
The PDL Data breach shared data records included usernames, social media accounts, 622 million email addresses and 50 million unique phone numbers. Whilst the data set did not contain passwords or social security numbers, it does have all the information necessary to impersonate someone.
“This is the first time I’ve seen all these social media profiles collected and merged with user profile information into a single database on this scale. From the perspective of an attacker, if the goal is to impersonate people or hijack their accounts, you have names, phone numbers, and associated account URLs. That’s a lot of information in one place to get you started.” Stated Vinnie Troia in a recent Wired article
Data sets like this one are often used for criminal activity including: phishing, scamming and identity theft. However, the intention of the data leak remains unclear, because this data was fully accessible with no payment required and with no links to an author and PDL has since claimed that the data was not obtained as a result of a breach but instead was likely resold or released by one of their customers.
What is the difference between the Deep Web and the Dark Web?
The Deep Web is an area that is not accessible by the main stream search engines where you can often find leaked data. The Dark Web is a website within the Deep Web that is linked to illegal activity.
The Deep Web was initially designed for the US secret service, so that they could access files without being detected. Unfortunately it has turned out to be a double-edged sword as the very feature of un-traceability which was invaluable to the military became used by criminals. Although the PDL particular data set has since been removed by the FBI, the researchers have no way of knowing if anyone accessed the data set prior to its removal.
The similarities to the LinkedIn Data Breach in 2016
Leaks like the PDL one are commonplace and they have existed since the internet was created. In 2016, 164 million account credentials were stolen from LinkedIn, including passwords that were leaked on the Deep Web.
The number of data breaches this year have exceeded 2018. And the individual leaks are growing. Troy Hunt, who runs data tracking exposure service ‘HaveIBeenPwned’ observed that we are seeing more data than ever being circulated, from both new breaches and duplication of previous breaches.
The increase in data leaks is a result of the change of law which now requires companies to declare data leaks in line with the EU GDPR Regulation, as well as the proliferation of the amount of online data available and every growing hacker abilities.
PDL Data breach – What to do if you are affected?
- Investigate what company information is available on the Dark Web. Please contact us to arrange your Dark Web report for your company.
- Implement a strict password policy across the company
- Undertake Cyber Security Training to educate employees of the risks
- Write your cyber security strategy/ review your existing
- Undertake a cyber security audit of your current setup – make improvements
- Implement the relevant tools within your setup– eg. Cisco Firewalls
- Achieve the Cyber Essentials framework – gain the certification to secure your business and demonstrate to your customers that you are committed to Cyber Security.
If you would like to find out more about our Dark Web monitoring, Cyber Essentials Certifications or require specialist IT Consultancy please get in touch.
Related blogs you may find useful
Cyber Security tactics in a Post-Pandemic world
In March 2020, the UK along with the rest of the world was placed in lockdown due to Covid 19. Businesses sent staff home and
Modern Workplace Security – A Three Pillared Approach
In the traditional IT world, the edge of an organisation’s network, or rather it’s firewalls, were considered the perimeter and everything that occurred within the
Cyber Risk in the Finance Sector within a Post Pandemic World
There is no doubt that the financial sector has become the most prevalent target for cyber security attacks over the last few years. The COVID-19
We would love to hear from you
Our specialist team of consultants look forward to discussing your requirements in more detail and we have three easy ways to get in touch.
Call us: 03301913473
Complete our contact form
LiveChat now: via the pop up
Contact us
By telephone 03301913473
Services
Dynamics 365 Consultancy
Offices
London Office 3rd Floor, The News Building, Shard Quarter, 3 London Bridge, London, SE1 9SG Kent Office The Coach House, Spencer Mews, Tunbridge Wells, Kent, TN1 2PY