In a shocking revelation, TechRadar reports that a cybersecurity researcher recently discovered a massive data breach targeting SimpleTire, a known company that sells car tires and related services.
According to a report by cybersecurity researcher Jeremiah Fowler, SimpleTire had been maintaining an unsecured database online, exposing sensitive customer information to anyone who knew where to look.
How Much Data Are Compromised
The exposed database, estimated at around 1TB, contained over 2.8 million customer records. These records included a wealth of personal information, such as full names, phone numbers, postal addresses, partial credit card numbers, and expiration dates.
Read Also: T-Mobile Falls to Another Security Breach with 37 Million Subscribers Affected-What is It?
Moreover, the database also housed wholesale information, references to authorized installers, refund requests, and sales and promotion images.
Of particular concern is the fact that the database contained the last four digits of customers' credit card numbers.
Although the first six digits of credit card numbers, known as the Issuer Identification Numbers (IIN), are publicly available, the exposure of the remaining four digits can significantly increase the risk of potential fraud.
Fowler warns that with the right software, it becomes almost instant for threat actors to guess the missing six numbers and potentially obtain the entire credit card number.
Weighing the Threats of the Breach
The combination of exposed customer information, including names, home addresses, and expiration dates, creates an alarming scenario where criminals can easily create a comprehensive profile of their victims.
The implications of this data exposure are far-reaching and pose a substantial threat to affected individuals. Cybercriminals can carry out various online scams with compromised information, ranging from wire fraud to identity theft.
What Potential Victims Can Do
TechRadar reports that Fowler promptly alerted SimpleTire through multiple email addresses, but the company's response was disappointingly slow.
However, it took SimpleTire more than three weeks to acknowledge the breach and secure the database.
As of now, the company has not provided any update about the situation. SimpleTire claims to have over 10,000 installers and more than 3,000 independent supply points, employing hundreds of people and supporting thousands of local businesses.
This breach puts the privacy of millions of customers at risk and the reputation and trustworthiness of the company itself.
In an era where data breaches have become alarmingly frequent, this incident serves as another reminder of the critical importance of securing customer information. Available data tells us that 41.6 million accounts have already been leaked through similar breaches in the first quarter of 2023 alone.
Additionally, timely and transparent communication with customers following a breach is crucial in mitigating potential harm and rebuilding trust.
The Federal Trade Commission (FTC) mandates that companies that experience a data breach promptly notify individuals whose personal information has been compromised. This is so that the affected parties can take measures to reduce the likelihood that their information will be misused.
As the investigation into this data breach unfolds, affected SimpleTire customers are advised to monitor their financial accounts closely, report any suspicious activity to their respective financial institutions, and consider freezing their credit to prevent unauthorized access.
Stay posted here at Tech Times.
Related Article: SchoolDude Data Breach: Hackers Steal 3 Million User Accounts, Per Brightly
