Just recently, Capital One had joined the list of companies that have fallen victim to hackers, and yesterday, the food delivery company DoorDash announced a data breach had occurred in May. While the DoorDash breach only affected 4.9 million users, and only those who had joined before April 5, 2018, this incident sheds light on the risks that may exist within other similar food delivery apps. According to eMarketer research, 44 million US consumers will use a food delivery app by 2020. All this to say, if you’re not using a food delivery app already, odds are you will soon, and should be armed with knowledge about data breaches and what to do should you be affected by one.
To help avoid the anxiety of a data breach and to become more prepared, in-house expert and Senior Director of Technology and Solutions for ADT Cybersecurity, Ron Culler provided his perspective and advice on this matter.
Q: How do you think the DoorDash data breach happened?
RC: It appears that the breach occurred via an unnamed third-party service provider. Without more information on who the provider was or what service they provided, it would be hard to say how the unauthorized access occurred.
Q: What types of data does DoorDash collect?
RC: A quick check of DoorDash’s website shows they discuss many of the types of data they may collect directly from customers, drivers, merchants, etc. as well as data from third-parties. They also talk about who they may share data with, and this is where the unknowns are.
Q: Is it normal for companies to provide data to third parties?
RC: It's very common for organizations to outsource all facets of their business as described above (including payment processing, marketing, call centers, as well as IT infrastructure and services).
Q: Are there dangers or risks associated with this practice?
RC: These third-parties are where the biggest risks exist, often as they may also follow the same practices and outsource facets of their operations. So, for businesses that use third-parties for portions of their operations, it is incumbent upon them to do the due diligence to protect their data and their customers’ data.
Q: What should businesses be doing to protect customers’ data?
RC: Businesses should be looking for industry credentialing and regulatory compliance as applicable as it relates to data privacy and security, and request any auditors reports on the third-parties’ compliance in those areas. Additionally, they should inquire as to their third-party providers’ outsource their services to third parties
Q: How can consumers protect themselves?
RC: Consumers can use the following tools and practices to help protect their online data:
- Password managers
- Using different passwords for every app/website
- Use credit cards for online payment instead of ATM/Debit cards as these are directly tied to your bank account which could subsequently be at a greater risk of a hack as well
- Take advantage of the Credit Reporting agency’s ability to lock your credit accounts with them to help prevent anyone from using stolen data to open credit under your name
Of course, it is good common sense to review your credit reports at all three agencies, review your banking statements, credit card statements and understand that things are going to happen. But, if you take these measures, when something does happen, you will be better prepared to deal with it.
If your data does get hacked, ADT is here to help. Our resolution experts are available toll-free, 24/7, to walk you through the steps you need to help you manage your identity recovery and provide expense reimbursement, saving you hours of work and stress. If your information is indeed exposed, the resolution experts help mitigate potential loss and save time by placing a credit freeze, doing everything from notifying creditors and government agencies of the issue to completing required affidavits. ADT Digital Security customers who have our Identity Theft Protection services are covered up to $1M* for losses or expenses related to the identity theft recovery process. This includes day-to-day efforts you make to restore your identity. If you’re interested in protecting your small business, ADT cyber security solutions can help protect your systems, and help minimize the possibility of your networks and customer data from getting hacked.
The DoorDash data breach reminds us that even the most innocent uses of technology, while increasing our access to convenience, also increase our chances of being vulnerable to our data being stolen. In the digital age, protecting your personal information is absolutely crucial. It’s time to take the next step in protecting your identity online, enjoying the peace of mind knowing you have support resources and the safety net of ADT’s services should something happen. Preparing for the worst means you can live your best, so check out our Identity Protection Plan to learn more and get the protection you need.
*Disclaimer: Expense Reimbursement, with limit of up to $1 million, including limited coverage for lawyers and accountants (up to $1000 in each case) is available for losses resulting from stolen identity events (as defined in the Master Policy if needed).