While data breaches are at an all-time high in the U.K., the U.S. are facing the same security crisis with huge data breaches happening all the time as well. A recent report showed that customers’ personal details from hundreds of car dealerships were put at risk due to an inadequate database.
DealerBuilt is a specialised Dealer Management System (DMS) which allows dealers to manage every aspect of a dealership, and they boast a “secure integration”, which is somewhat ironic given the breach…
A “shoddy” system
Researchers recently found that 128 dealership systems were backing up their information and systems onto the DealerBuilt central systems. What is described as a ‘shoddy security system’, the DealerBuilt’s centralised system were reportedly backing up data without encryption or security. Not only does unencrypted data offer a huge business risk, but it allows hackers to see what is being backed up. Not encrypting data is likened to driving a brand new Ferrari without insurance. You may drive it as safely as you wish, but it doesn’t protect you from the actions of other drivers. So, driving any vehicle (without insurance) puts you at the same financial risk as not encrypting your data. It’s not just the financial penalty that you have to think about, but the wasted time rectifying the solution.
Customer and employee personal information
The database was found on Shodan, a search engine for open and unsecured databases connected to the internet. The database importantly includes payroll data (which may include sensitive information like bank details), customer names, and addresses. It’s not just customer details that they have failed to protect securely – the database also stored information like the social security numbers of customers and the employees who are employed by the dealerships. This arguably puts these individuals at a higher risk of identity theft. Cyber-hackers can use sensitive information to commit financial fraud or filing for false tax returns.
Millions affected
As the researchers detail 128 dealership systems, it’s likely that the individuals affected would be in the millions (estimated five million). However, there are no exact numbers as of yet.
Importance of a secure database
This data breach highlights the importance of a secure database when storing personal details and sensitive information. It’s arguable that dealerships should have done more to secure their databases rather than afford all the responsibility to a third party contractor, like DealerBuilt. It seems as if many of the dealerships were not even aware of DealerBuilt’s security procedures, as their website reportedly fails to detail how the company handles data security.