A recent event website data breach has led to hundreds of thousands people's personal data ending up in the wrong hands. Here's what we know and what you can do to keep your attendee data safe.
Earlier this week, reports surfaced of user data from Coachella's website being offered for sale on the dark web. Concert promoter, Goldenvoice said that hackers gained access to names, email addresses, phone numbers and birthdates but no passwords or payment information had been breached.
The event promoters haven't said when the breach happened or how hackers managed to gain access but an investigation by Motherboard has revealed that the data was stolen from both the user forum and Coachella's main website. Ticketing for the festival is handled by another service. Reports so far claim that this information is still safe.
Is Your Event Safe?
The breach of Coachella's website highlights a constant threat faced by any organisation holding user data on the web. Technically speaking, this makes almost every event website a potential target but statistically speaking, for most events, it's highly unlikely to be a problem. However, the bigger your event, the more likely this becomes. In most cases, hackers are seeking financial gain so the more data you have, the more valuable it is.
Another concern for eventprofs is that of politically motivated attacks. Events related to controversial topics are more likely to be targeted.
What Can Eventprofs Do To Prevent A Data Breach?
Unfortunately, if a proficient hacker wants to gain access to your data, they will, but there are things you can do to make it a bit more difficult. The rule of thumb is to purchase the best security your budget allows. Other measures to take include ensuring that all passwords are encrypted and that where possible, data should be depersonalized and detached from financial data. Lastly, and perhaps most importantly, if you no longer need the data, ensure that it is deleted.
Bearing in mind that no security solution is 100% infallible, it is important that you have insurance to cover the worst, should it happen.
What Should Eventprofs Do If A Data Breach Occurs?
First of all, the breach should be reported to the relevant authorities. It depends on the type of breach and what country you're in as to whom to report it. Your IT service provider should be able to give you the relevant information. Secondly, it is important to be transparent. As soon as it is possible, following guidance from the authority to whom you have reported the breach, you should inform your users. The sooner they can take action to protect themselves by changing passwords, the less of a problem you will have on your hands.
While it's impossible to be completely hacker proof, this isn't something that should keep eventprofs awake at night. To mitigate the risk, eventprofs must take the right steps to ensure the security of your data and have a plan in place for when/if a breach occurs.