Security News Survey – September 26, 2019

This week, we look at the DoorDash data breach, an international recommitment to cybersecurity, and new resources for healthcare cybersecurity.

We’re close to wrapping up September, which means that we’re just about to enter one of the most exciting months of the year: October, aka “National Cybersecurity Awareness Month!”

This year will mark the 16th observance of National Cybersecurity Awareness Month (NCSAM) since its creation by the U.S. Department of Homeland Security and the National Cyber Security Alliance. Under the theme of “Own IT. Secure IT. Protect IT.”, this year’s NCSAM will focus on education and knowledge sharing around best practices and personal accountability for cybersecurity—at home and at work. And this year, Micro Focus has committed to serving as an NCSAM “Champion” to join the global effort of promoting online safety.

Be sure to follow NCSAM updates from Micro Focus, Interset, and the international cybersecurity community via @IntersetAI, @MicroFocusSec, and #BeCyberSmart throughout the month of October.

But before we dive into October, let’s take a look at a few cybersecurity headlines from the last full week of September. 

DoorDash discloses data breach from May 2019

Another week, another “Important security notice…” delivered to my inbox. Food delivery service DoorDash is notifying 4.9 million customers, Dashers, and merchants about a security incident in which it detected “unusual activity involving a third-party service provider” that resulted in unauthorized access to user data on May 4, 2019 (DoorDash says it only became aware of the activity “earlier this month”). The company said in its notice that not every user was affected—only those who joined the service on or before April 5, 2018.

Customer information such as names, delivery addresses, phone numbers, and hashed passwords was compromised. It appears some consumers, Dashers, and merchants may have had the last four digits of their credit cards or bank accounts compromised; full card or bank account numbers and CVVs were not impacted. Unfortunately, the driver’s license numbers of roughly 100,000 Dashers were affected. DoorDash says it has put additional “security layers” around data and is encouraging users to proactively reset their passwords, even though it remains confident that the hashed and salted passwords are not decipherable.

27 nations reaffirm commitment to cybersecurity

This week, 27 countries signed and issued a joint statement, titled “Advancing Responsible State Behavior in Cyberspace,” to renew their commitment to upholding global cooperation and accountability toward “responsible state behavior” when it comes to cyberspace. The statement encourages transparency and adherence to international law, and commits to holding nations accountable should they behave contrary to these commitments. The statement does not, however, specify what type of accountability measures would be taken in those cases. The United States, Canada, the United Kingdom, France, Germany, Spain, and Australia are among the 27 nations that signed the statement. 

New cybersecurity information sharing matrix for healthcare

The U.S. Healthcare and Public Health Sector Coordinating Council (HSCC) this month released a new resource aimed at helping healthcare organizations share knowledge about cybersecurity best practices. The Health Industry Cybersecurity – Matrix of Information Sharing Organizations (HIC-MISO) serves as a directory of private and government organizations that provide “information sharing activities for the betterment of health industry cybersecurity awareness and resilience.” The matrix currently contains 25 such organizations.