Tag: business data protection

  • McDonald’s AI “McHire” platform was breached, allowing for the potential exposure of 64 million applicants’ private data

    For employers, sorting through applications is ordinarily a tedious but necessary part of the hiring process. Enter AI: employers can now have AI tools sort candidates based on specific prompt criteria, shortening the time it takes to get through dozens or even hundreds of applications and propelling the most worthy candidates to the top of the list for human review.

    Or at least, that was the idea. Recently, however, that idea backfired for McDonald’s because of a simple mistake: a security flaw in their AI hiring platform, dubbed “McHire” (McHire.com), allowed attackers to access the logs of any user in the system simply by using the account and username “123456”.

    This allowed access to an administrator account for Paradox.ai, the vendor behind the McDonald’s AI hiring platform, and the ability to query “Olivia”, the chatbot potential applicants would chat with as they submitted their application.

    The data they were able to access included applicants’ names, emails, addresses and phone numbers. In total there were 64 million records accessible in the system at the time the breach occurred.

    Luckily, the security flaw was discovered by researchers instead of true bad actors. The breakdown of how it was discovered can be found on the blog by security researchers Ian Carroll and Sam Curry. We have reported on their research before when they discovered a major flaw with Kia and other car brand manufacturers allowing for remote access to vehicles (even while they’re actively being driven).

    It’s a sharp reminder that just because AI solutions may make things easier doesn’t mean that best practices are automatically being followed. Human review is still an important component when deploying any system that will gather large amounts of PII (Personally Identifiable Information), and it’s important to know the rules and restrictions you must follow when collecting that data for your business.

    Below are three rules we recommend following when collecting PII in your business:

    1. Collect Only What’s Necessary (Data Minimization)

    Only gather the PII that is absolutely essential for the purpose at hand. Avoid collecting excess or sensitive data unless it is required. This reduces risk in the event of a data breach and shows respect for user privacy.

    2. Clearly Inform and Obtain Consent

    Be transparent about what data is being collected, why it’s needed, how it will be used, and with whom it might be shared. Always obtain informed consent before collecting any PII, especially for sensitive data like health, financial, or biometric information.

    3. Protect the Data with Strong Security Measures

    Use up-to-date encryption, access controls, and secure storage practices to protect PII from unauthorized access, loss, or misuse. Regularly audit systems and train employees on proper data handling procedures.

    These rules not only build trust with users but also help ensure compliance with regulations like GDPR, CCPA, HIPAA, CMMC and more. If compliance or data protection is a concern for your business, Valley Techlogic can be your go-to partner in creating secure data collection and safeguarding practices alongside deploying industry leading cyber security preventions within your business. Reach out today to learn more.

    This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.

  • Is the cloud still your best option or would an on-premises server be the smarter way to go? 5 facts to consider about both

    Originally touted as the wave of the future, “the cloud” (nebulous phrasing that basically means putting your data anywhere besides your direct location) is often seen as the solution for corralling data into one central online location that’s managed by someone else (i.e., cloud providers).

    However, rising costs of data storage and uncertainty surrounding data security and availability in the wake of ever-increasing data breach threats have meant more businesses are seriously considering their options when it comes to the best strategy for data storage in their business. Where once more and more businesses were on board with an all-cloud solution, now many are turning away from the cloud for on-premises solutions or even a hybrid solution.

    First, five facts to consider in favor of an all-cloud solution:

    1. Scalability: Cloud solutions provide on-demand scalability, allowing businesses to easily increase or decrease resources such as storage, processing power, and bandwidth, based on changing needs without having to invest in physical infrastructure.
    2. Cost Efficiency: Moving to the cloud can reduce capital expenses (CapEx) for hardware and maintenance. Instead, businesses can move to an operating expense (OpEx) model, where they only pay for the resources they use, thus reducing waste and optimizing budgets.
    3. Accessibility and Flexibility: Cloud platforms allow employees to access data and applications from anywhere with an internet connection. This supports remote work, global collaboration, and increases flexibility for businesses.
    4. Automatic Updates and Maintenance: Cloud service providers manage routine maintenance, security patches, and software updates, freeing up internal IT teams to focus on more strategic tasks, and ensuring systems are up to date with the latest technologies.
    5. Disaster Recovery and Backup: Cloud solutions offer robust disaster recovery options, ensuring data redundancy and availability. Cloud providers often have geographically distributed data centers, reducing the risk of data loss due to localized incidents and enhancing business continuity.

    On the other hand, here are five facts in favor of an on-premises solution:

    1. Greater Control and Customization: With on-premises servers, organizations have full control over their hardware, software, and network configurations. This allows for highly customized setups that can be tailored to meet specific business or security needs.
    2. Data Security and Privacy: On-premises storage allows businesses to maintain direct oversight of their data, which can be crucial for industries that require strict data security and regulatory compliance (e.g., healthcare or finance). Sensitive data stays within the company’s infrastructure, reducing third-party access risks.
    3. No Dependence on Internet Connectivity: Unlike cloud-based solutions that require constant internet access, on-premises servers allow organizations to access and manage their data even if there are internet outages or network interruptions, ensuring business continuity.
    4. Predictable Costs: While the upfront costs of on-premises servers can be higher, they are typically one-time capital expenditures. Over time, businesses have greater control over their long-term budget for hardware upgrades and maintenance without the recurring subscription fees that cloud services often require.
    5. Legacy Systems Integration: Many businesses have legacy applications or systems that are better suited for, or only compatible with, on-premises infrastructure. Keeping data and applications on-site ensures better performance and integration with existing, sometimes older, internal systems.

    There are factors to consider when choosing either cloud or on-premises for your business storage solution, but what about a mix of both? Maintaining an on-premises storage solution combined with a cloud storage solution as a backup gives you the redundancy you need, the flexibility of cloud storage, and the control of an on-premises solution, in a hybrid solution completely customized for your needs.

    In today’s world, data storage can be customized to your business’s specific needs and here at Valley Techlogic we are experts in developing backup solutions that work for you (through our program TechVault). Whether you’re looking to protect your current data, migrate your data to the cloud or to an on-premises solution, or even if you’ve reached this article while going through a data loss event – Valley Techlogic can help. Reach out for a consultation today.
