It the eyes of a cybercriminal, data is currency. It’s the reason we have laws such as HIPAA, FERPA, the FCRA, and others that regulate the collection, use, storage, and disposal of personally identifiable information or PII during its life cycle. Today, just about everywhere you go you’re required to give up some of this information to make purchases, buy services, or gain access. We gladly give up information, because this system allows for convenience, and we believe that our information is protected. Unfortunately, not much time has to pass before we hear of another huge data breach.
The Foxit Breach
On September 2, 2019, the PDF document software giant, Foxit, was the victim of data theft. Intruders stole what Foxit is calling “My Account” data. This is the data consumers store in their accounts, which includes their names, email addresses, user names and passwords, phone numbers, and company names. This account data doesn’t include any financial information, but if the window of the breach was long enough, hackers could have signed into accounts and retrieved billing information.
Being a worldwide corporation, Foxit has made available some of the specifics of the data breach to authorities around the world. The company is headquartered in Dublin and falls under the European Union’s General Data Protection Regulation or GDPR.
Foxit’s Data Breach History
This is not the first time Foxit has been victimized by cybercriminals. Back in 2016, Foxit software was hacked and used to infiltrate the central bank in Bangladesh. Unaware the software had been hacked, employees using the software proceeded as normal while fraudulent transactions were being processed undetected. Overall, $81 million was stolen from the central bank in Bangladesh.
Foxit and Banks
Foxit makes PDF software that is used by approximately 100,000 organizations worldwide, many of them financial institutions. Foxit PDF software is used in financial transactions that require confidential information and signatures. Strict security controls are essential in this line of work, as loss of confidential information could cost the institutions and consumers greatly. Over 500 million people use Foxit regularly, meaning that there is a wealth of data that needs to be protected at all costs.
Financial institutions, government agencies, schools, and many other organizations are relying more and more on PDF documents over paper files. In organizations where the security of information is crucial, a Foxit PDF must be part of data security regulations, rules, and procedures. Foxit is expected to strengthen its security protocols going forward in light of recent events.
Cybersecurity Starts with the End-User
More and more, huge companies are falling prey to breaches of cybersecurity. As with any criminal, cybercriminals look for weak spots to exploit in an organization’s defenses. These weak spots can often be open ports, poor security measures, or even employees who fall for phishing schemes. With Foxit, it seems their software is easily hacked. Also, it has been reported that Foxit is not up-to-date on best practices that suggest password length should be at least eight characters.
Ultimately, we have no control over how well huge corporations are going to safeguard our PII. That is why we must take measures to ensure that even if big companies do get hacked, our information remains safe.
Secure Forensics has experienced examiners that help individuals and organizations keep information safe. In the event of a breach, they can ensure the breach has ended, determine the data that has been stolen, and produce court-admissible evidence of the attack. Working with Secure Forensics, individuals and companies both large and small can have their digitized data analyzed and protected from all types of cybercriminals.