Gumtree’s recent security breach should serve as a reminder to small businesses that they can’t have a “set and forget” mentality when it comes to protecting customer data, according to experts.
Late last month online marketplace Gumtree revealed how some of its users’ information was compromised during a security attack.
Hackers gained access to people’s names, email addresses, and phone numbers.
Read more: Complacency over cybercrime cost $3 trillion in 2015
However, customers were told their passwords and payment details were not accessed.
A spokesperson for Gumtree told SmartCompany the incident was resolved “within minutes” and was an isolated event.
“We’ve since taken extra steps to protect user information,” the spokesperson said in a statement.
“The affected users, privacy regulators and the Australian Federal Police have been notified.
“Safety and security of our community remains our number one priority and we continue to educate our users about staying safe online and identifying potential scams or phishing attempts from fraudulent parties.”
Security expert Michael McKinnon told SmartCompany Gumtree alerting its customers to a data breach is best practice.
“There is still – in this country and many other parts of the world – often no legal obligation to have to disclose a breach,” McKinnon says.
“There are a lot of companies today that are getting hacked that we never hear about. But if you’re looking at the long-term reputation of your business, disclosing a breach is always the preferred outcome.”
David Markus, founder of IT services company Combo, told SmartCompany this incident serves as a timely reminder for small business owners to put customer security first.
“What we can see in SMEs is this set and forget mentality,” Markus says.
“If they put in a firewall, it was put in years ago and it hasn’t been maintained since. It’s key that people make use of the functionalities and security of the tools that are out there. If you’re going to go to the cloud, choose A-grade providers.”