On August 5th, Avis Car Rental discovered unauthorized access to one of its business applications. An investigation determined that the attackers exfiltrated certain data, including personally identifiable information (PII) pertaining to some customers. Depending on the individual, the data breach reportedly impacted addresses, dates of birth, driver’s license numbers, and financial account information. In early September, Avis notified the Maine Attorney General’s Office that approximately 300,000 people were affected.

Wisconsin Physicians Service Insurance Corporation (WPS) disclosed a breach in May 2023. It was initially reported that the subsequent investigation did not find any evidence that an unauthorized party obtained copies of files managed by WPS. A second investigation was launched in May 2024 with assistance from a third-party cybersecurity firm found that the initial investigation report was incorrect, and files were indeed stolen from WPS. The compromised information includes names, home addresses, dates of birth, Social Security numbers, gender, hospital account numbers, dates of service, and Medicare beneficiary identifiers or health insurance claim numbers. In all, 946,801 individuals were likely affected.

Slim CD, compromised in August 2023, discovered the hack in June 2024, ten months after the initial intrusion. A review of the potentially accessed information determined that names, addresses, and credit card numbers and expiration dates were likely compromised. On September 6, Slim CD notified the Maine Attorney General’s Office that 1,693,000 people were likely impacted by the data breach. The investigation is still ongoing, and the full impact is yet to be known.

In 2023 alone, a staggering 349,221,481 people were impacted by data breaches across 2,365 cyberattacks.

As cyberattacks continue to rise, protecting sensitive data exchanged through EDI systems has become a critical priority for businesses.

When choosing an EDI service provider, it’s important to assess their security credentials to protect sensitive business data. EDI data often includes critical information such as transaction details, pricing, inventory levels, and customer records. This data can be vulnerable to breaches without proper safeguards, leading to disruptions, compliance issues, and reputational damage.

Key security credentials can include:

• SOC 2 Compliance: This certification indicates that the provider follows stringent standards for security, availability, and data confidentiality.

• Security Ratings: An ‘A’ rating from platforms like Security Scorecard suggests a lower risk of breaches compared to providers with lower scores. For example, companies with an A rating are statistically three times less likely to be breached compared to those with a B rating.

• Secure Communication Channels: Using secure communication protocols – AS2, SFTP, FTPS, or VPNs – protects the confidentiality and integrity of data during transmission.

Choosing a provider like Promethean Software Services can give you confidence in the security of your EDI data and help safeguard your business operations.