January 24, 2024 at 03:12PM
Jason’s Deli alerted its Deli Dollars rewards program members about potential exposure of personal data due to a credential-stuffing attack. It impacted over 344,000 customers. Names, addresses, phone numbers, birth dates, and partial credit card numbers were compromised. The restaurant is urging customers to update their login credentials and emphasizes the need for multifactor authentication and access management to prevent such attacks. Moreover, the need for multifactor authentication (MFA), password managers, and secure access management is stressed by security experts following an increase in credential-stuffing attacks. Similarly, another sandwich chain, Subway, was recently hit by a ransomware cyberattack, with the theft of financial data, including employee salaries.
From the meeting notes, it is evident that Texas-based Jason’s Deli has experienced a security breach impacting its Deli Dollars rewards program. The unauthorized access resulted in the exposure of personal data of potentially over 344,000 customers, including sensitive information such as names, addresses, phone numbers, birth dates, order history, payment card numbers, and more.
The breach was attributed to a credential-stuffing attack using genuine logins obtained from the Dark Web, highlighting vulnerabilities in password security practices. Security experts emphasized the importance of implementing multifactor authentication (MFA), password managers, and robust access management to mitigate the risk of such attacks. Additionally, the use of phishing-resistant MFA was recommended for comprehensive protection against credential stuffing and password compromise.
Furthermore, the incident serves as a reminder of the risks associated with password reuse across accounts, as well as the need for businesses and services to enforce strong password best practices for user accounts.
The meeting notes also referenced a recent ransomware cyberattack on Subway, indicating the ongoing threat landscape faced by fast-casual chains.
In summary, the notes highlight the urgency for organizations to strengthen their cybersecurity measures, particularly in the areas of password security, access management, and protection against evolving cyber threats such as credential stuffing and ransomware attacks.