For two weeks, between April 9, 2021 and April 22, 2021, DigitalOcean was affected by a data breach in which attackers gained access to “…some of your billing account details through a flaw that has been fixed”, according to the notification email sent to its customers. DigitalOcean customer accounts were not accessed; however, customers’ names, the last four digits of the payment card, its expiration date, and the name of the issuer were exposed. DigitalOcean’s Tyler Healy explained that only 1% of billing profiles were affected by this breach. No other information was offered during Wednesday’s statements.
It is important that we all keep watch on our digital lives. Breaches like this are common, but there are regulations in place in both the United States and Europe to ensure that companies notify the people whose information was exposed in data breaches and help combat the effects of exposure and loss. Wired Magazine offers a great summary of the protections and assistance offered in European countries, while the Netwrix Blog has a great brief explaining the US approach to data privacy and protection. While consumers have some responsibility, quite a bit of it lies with the business entities that hold, collect, and use that information. Compliance with the regulations in place is of the utmost importance. Last year, NIST released an excellent framework, NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management, that offers a guide for organizations to ensure the safety of internal and customer data. On top of these strategies, it would benefit companies to make use of security services such as an experienced Security Operations Center. Binary Defense’s Security Analysts are on watch day and night to detect any alerts or indications of compromise to stop breaches such as the one that DigitalOcean experienced.