33.6M Records Leaked From Dun & Bradstreet Marketing Account

Dun & Bradstreet Marketing Breached

Dun & Bradstreet Marketing experienced a breach of one of its databases. The database was 52 GB and included 33.6 million files. According to eCommerce Times, the database belonged to NetProspex.

The information exposed is basic contact information, very similar to what you may find on a business card — an individual’s name, job title and contact information. eCommerce Times reported that the primary threat from this breach is identity theft. However, I would have to disagree. Hackers now have over 30 million email addresses that they can use for phishing scams. Considering 93% of all phishing attacks include ransomware, this should be the highest concern.

The database that was breached included contact information for individuals working in various entities, including the Department of Defense, U.S. Air Force, U.S. Army, U.S. Postal Service, CVS Health Corporation, Wells Fargo and Wal-Mart, to name a few.

Prevention

Each entity impacted by this breach is encouraged to conduct a cyber security training with all of their employees. Too often, it is believed that phishing scams will be filtered to the spam folder. This is not always the case. Hackers are typically rather smart and make the emails look legitimate. They do so by editing the “from” address so that the email appears to come from someone the recipient will know. This may be their boss, a co-worker, or even a well-known business such as Amazon.
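The kind of header check that training and mail filtering can build on, as an added example that is not part of the original article: it flags a familiar display name on an unfamiliar domain, envelope and reply addresses that differ from the visible "from" domain, and a recorded DMARC failure. The `KNOWN_SENDERS` table, the function names and the three sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: display names staff recognise, mapped to the domain each really sends from.
KNOWN_SENDERS = {"jane doe": "example.com", "amazon": "amazon.com"}

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoof_signals(raw_message):
    """Return the list of From-spoofing signals found in one raw message."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = domain_of(msg.get("From"))
    signals = []
    # Familiar name, unfamiliar domain: the display name is free text the sender chooses.
    if any(name in display and from_dom != dom and not from_dom.endswith("." + dom)
           for name, dom in KNOWN_SENDERS.items()):
        signals.append("display-name-mismatch")
    # Envelope sender or reply address on a different domain than the visible From.
    # Bulk-mail services also cause this, so treat these as signals, not verdicts.
    for header, label in (("Return-Path", "return-path-mismatch"),
                          ("Reply-To", "reply-to-mismatch")):
        dom = domain_of(msg.get(header))
        if dom and dom != from_dom:
            signals.append(label)
    # The receiving server's DMARC verdict on the From domain, if it recorded one.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if "dmarc=fail" in results:
        signals.append("dmarc-fail")
    return signals

# Constructed sample messages (not real mail).
LOOKALIKE = ('Return-Path: <jane.doe@examp1e-mail.test>\n'
             'From: "Jane Doe" <jane.doe@examp1e-mail.test>\n'
             'Subject: Urgent invoice\n\nPlease review today.\n')
FORGED = ('Return-Path: <bounce@mailer.test>\n'
          'Authentication-Results: mx.example.com; dmarc=fail header.from=example.com\n'
          'From: "Jane Doe" <jane.doe@example.com>\n'
          'Reply-To: jane.doe@webmail.test\n'
          'Subject: Urgent invoice\n\nPlease review today.\n')
GENUINE = ('Return-Path: <jane.doe@example.com>\n'
           'Authentication-Results: mx.example.com; dmarc=pass header.from=example.com\n'
           'From: "Jane Doe" <jane.doe@example.com>\n'
           'Subject: Lunch\n\nNoon?\n')

if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("forged", FORGED), ("genuine", GENUINE)):
        print(label, spoof_signals(raw))
```

The second sample shows why the visible address alone proves nothing: its "from" line is identical to the genuine message, and only the surrounding headers give it away.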

KnowBe4 offers a phishing simulation email that employers can send to their employees to see how vulnerable their company may be to such an attack.


3 thoughts on “33.6M Records Leaked From Dun & Bradstreet Marketing Account”

  1. “conduct a cyber security training with all of their employees”
    Yes, that is rather basic, but surprisingly it’s also rather rare. Why, one might ask?
    Well it’s just not viewed as a priority business driver by managers, who should, but do not, know any better.
    The problem lies squarely at the feet of senior management who have no difficulty sheltering when breaches occur.
    Very often IT staff are well aware of security weaknesses & even warn of them.
    But they are just techies with little real decision taking responsibility.
    Until it is possible for courts to impose deterrent level fines when breaches occur nothing will change.
    Also it would help if protocols were developed to guide managers in taking action & audits to improve overall security.
