Under Armour announced that criminal hackers breached MyFitnessPal, its food and nutrition app and website, and obtained information from 150 million user accounts.
The company came across the breach last week, discovering that the data had been stolen in February. The data included usernames, email addresses, and passwords. However, it’s worth noting that the majority of passwords were hashed with a highly regarded cryptographic hash function called ‘bcrypt’. Additionally, payment card information was not compromised, as this is collected separately. Under Armour is notifying MyFitnessPal users of the breach and prompting them to reset their passwords.
Protect your organization and your customers’ personal data
Although the payment card information was secured and the passwords were hashed, sensitive information was still leaked. This breach reminds us yet again that customer data must be secured and properly stored. Organizations need to conduct information audits regularly to help prevent data breaches. Information audits are an important part of a comprehensive information security management system (ISMS).
ISO 27001 is the international standard that provides specifications for a best-practice ISMS. Achieving ISO 27001 certification demonstrates that an organization has taken reasonable steps to protect its sensitive and confidential data.
Join our free webinar on the ISO 27001 ISMS internal audit
An internal audit is an effective measure to assess whether your ISMS is functioning as it should, and is one of the requirements for achieving ISO 27001 certification. IT Governance is running a new and exciting webinar providing an overview of the internal audit process against ISO 27001’s requirements. Register now.
Learn how to implement ISO 27001 and audit against its requirements
IT Governance’s ISO27001 Lead Implementer and Lead Auditor Combination Online course will guide you through the process of implementing an ISO 27001-compliant ISMS. You will gain an understanding of the activities needed to plan, implement, and maintain a best-practice ISMS.