Cybersecurity 2020 – Budgeting

Cybersecurity Budgeting

What Should We Budget Per Employee For Cybersecurity:

In May of 2019, Deloitte published the results of a survey and found that surveyed financial institutions are spending between $1,300 and $3,000 per employee on an annual basis. These institutions included banks, insurers, investment management firms, and other financial services. The report also highlighted that the per-employee cost represented 6-14 percent, averaging 10 percent, of those companies’ information technology budget for cybersecurity.

Cybersecurity Spending

Whether or not you are in the financial industry, cybersecurity is a key component of your company’s information assets’ safety. QOS Consulting can identify and outline what your company should be allocating per employee for your annual cybersecurity budget. Stop guessing and make an informed decision: QOS Consulting can schedule an audit of your organization’s cybersecurity budget.


Cybersecurity 2020 – Threat Vectors

The corporate organization’s network defenses must be highly adaptive to combat the threats of 2020 and beyond. Early identification and rapid containment have always been and will continue to be the key to combat. New artificial intelligence products will be needed.

Lockheed Martin pioneered the concept of the “cyber kill chain”. The cyber kill chain describes up to seven sequential stages of a targeted cyber attack: Reconnaissance, Weaponization, Delivery, Exploit, Installation, Command and control, and Action.

While possible attack vectors are endless, the main attack vectors are:

  • Advanced Persistent Threats
  • Phishing
  • Trojans
  • Botnets
  • Ransomware
  • Distributed Denial of Service (DDoS)
  • Wiper Attacks
  • Intellectual Property Theft
  • Theft of Money
  • Data Manipulation
  • Data Destruction
  • Spyware/Malware
  • Man in the Middle (MITM)
  • Drive-By Downloads
  • Malvertising
  • Rogue Software
  • Unpatched Software

QOS Consulting has strategies in place to combat all of the above attack vectors. Unpatched software, seemingly the simplest vulnerability, can still lead to the largest leaks. Stop wondering how protected you are and what vectors you have not accounted for. QOS Consulting can schedule a vector audit for your organization today!


Cybersecurity 2020 – Intro 101

What does your cybersecurity road map look like for 2020? Many organizations are scrambling to identify what methods, processes, solutions, software and services need to be in place to safeguard company information assets.

QOS Consulting can conduct a cybersecurity audit on your organization to identify the areas we see as needing improvement. Our team of experts can aid in the development of an ongoing cybersecurity strategy, perform rapid response execution, manage remediation, and can even provide placement of part-time or full-time compliance officers.

What is Cybersecurity:

Cybersecurity is a set of techniques or practices that are implemented to protect a company’s information assets, networks, and systems.

The Cloud Controls Matrix by Cloud Security Alliance outlines the following areas that your organization should focus on for its cybersecurity policies:

  • Audit Assurance & Compliance
  • Business Continuity Management & Operational Resilience
  • Change Control & Configuration Management
  • Data Security & Information Life Cycle Management
  • Data Center Security
  • Encryption & Key Management
  • Governance and Risk Management
  • Human Resources
  • Identity & Access Management
  • Infrastructure & Virtualization Security
  • Interoperability & Portability
  • Mobile Security
  • Security Incident Management, E-Discovery, & Cloud Forensics
  • Supply Chain Management, Transparency, and Accountability
  • Threat and Vulnerability Management

QOS Consulting has developed and identified protection plans for all the areas listed above. Through the many years of experience our staff has under its belt, we always do our very best to ensure your assets, networks and systems are secure.


Why Keep A Data Center in 2020?


Many companies are asking why they should keep their data centers in 2020 since the move to cloud-based or service-based offerings. While Amazon’s AWS Cloud, Microsoft’s Azure Cloud and Google’s Cloud Platform have brought us many things, account management, accountability and support don’t make the list.

Here are our top reasons to keep a data center in 2020:

Ask anyone in business about control and suddenly the term control loses its negativity, doesn’t it? Businesses want control over their expenses, to control the sales process, and control over who owns shares of the company, just to name a few. Take control of the choices you are making and don’t settle for what others are doing or what the big mega companies are telling you. Have standards and convictions.

Who Is Driving The Boat | The Faceless Organization?

When we are not in control of things we entrust someone else to drive that boat. Entrusting others is a very good thing (some call that delegating), but that trust is often only given once it has been established and a track history has been proven, at least in the business world. QOS Consulting, Inc. in Hoffman Estates, Illinois, like other consulting firms and Managed Service Providers, develops solid working relationships with our clients. The relationships start off with small things and work up to larger responsibilities over time. Relationships and trust are not something that is freely given or earned overnight. They are developed over time.

Here is a great example, in my opinion, that many CFOs should be able to relate to. I handle all my retirement planning with one person that is with a company that has been in business for years. I like my financial retirement planner because he calls me often about suggestions, emails me often about how my funds are doing, and takes me to lunch every year to thank me for my business. I feel like my funds are in good hands because of the relationship we have built over the years. In the beginning, I didn’t just move all my retirement funds over to him. I made him earn it. I made him show me that he wanted to develop a relationship with me and would safeguard my retirement assets.

Since Amazon’s AWS Cloud, Microsoft’s Azure Cloud and Google’s Cloud Platform are geared towards self-service (do it yourself), you now are putting your trust into a faceless organization. One whose primary focus is profitability, not developing relationships or earning your business. Don’t you want to put a face to those you entrust with the systems that enable your business operations and drive sales? Technology is a great tool, but when it fails, all you can do then is look towards yourself and the self-service options you elected.

Make the right choice and choose a technology partner like QOS Consulting, Inc. who has experience as a Managed Service Provider and Data Center Provider. QOS Consulting, Inc. cares about the relationships we cultivate and we can always meet you face to face.

Accountability and Ownership | What About The Service Level Agreement?

When problems occur, and they will, large organizations have large problems. Theft of sensitive information can destroy a business’s reputation. Extended interruption of service can cause customers to think twice about using your company in the future. Data loss can lead to legal action. Are you in good hands?

QOS Consulting, Inc. in Hoffman Estates, Illinois, like other consulting firms and Managed Service Providers, is well educated in all the Cloud offerings of Data Center providers. What makes QOS Consulting, Inc. different is that we own and operate our own data center. Yes, we can also manage systems on Amazon’s AWS Cloud, Microsoft’s Azure Cloud and Google’s Cloud Platform.

So where do the accountability and ownership fall when your service or system is offline? Ever call your Internet Provider to complain because your service isn’t working? You probably have gotten the “We are very sorry for the inconvenience, but we will issue you a credit for as long as your service has been out….”. That is part of The Service Level Agreement.

The Service Level Agreement says we want to provide a percentage of up-time, and if not, a credit is due for the downtime. That’s great, but that isn’t a guarantee. In fact, no one can make a 100% guarantee and that’s why there is the Service Level Agreement.

Taking accountability should mean more than a mass apology email by some CEO you never heard of before or a tiny credit on your bill. Outages cause mass disruption to businesses. And it doesn’t mean having to fill out TPS reports to get your service outage credit. Let’s break down Amazon’s Compute Service Level Agreement:

  1. Service commitment is 99.99% uptime. From AWS –
  2. Service credits are issued when your systems are not online 99.99% of the time. From AWS –
  3. WHERE’S MY MONEY BRIAN! You only get your money if you can prove that your system was down.  From AWS –

Make the right choice and choose a technology partner like QOS Consulting, Inc. who has experience as a Managed Service Provider and Data Center Provider. You will never feel like just another client of QOS Consulting, Inc.’s and if your service or systems ever go down, we will make sure you know how we plan on preventing it from ever happening again. Your relationship with us is paramount and we will never make you fill out TPS reports. QOS stands for Quality of Service, let us show you the quality of our service.

Email Support vs Phone Support | You know who isn’t winning – you!

Monday morning at 7 am usually involves commuting to work for most of us. On this day though all your systems are down at Amazon’s AWS Cloud, Microsoft’s Azure Cloud or Google’s Cloud Platform. Not to worry, you’ll just give them a call and see when things will be back online, right? Wow, slow down Hoss! We see that you haven’t purchased a support plan. If so how much are they? From AWS –

So now that you have your support plan, you need to open a case via their website, unless you paid over $15k to speak with someone that helps you through it over the phone. See AWS’s getting started guide on how to open a support case online at

Your support case is finally open and now you want answers. No, wait, seriously: you have to wait, and how long you wait depends on the severity level of the issue. Keep in mind this is first response, not resolution timelines. From AWS –

Make the right choice and choose a technology partner like QOS Consulting, Inc. who has experience as a Managed Service Provider and Data Center Provider. QOS Consulting, Inc. cares about your downtime and won’t make you jump through hoops to get the support you need. Not to mention you get to speak with a real live person here in the United States.

Worst Data Breaches of 2017

There have been many data breaches in 2017, ranging from some that have crippled a business’s operations to others that have caused serious legal ramifications.

The worst data breaches of 2017 as reported by for 2017:

E-Sports Entertainment Association (ESEA)

January 8, 2017: On December 30, 2016, ESEA, one of the largest video gaming communities, issued a warning to players after discovering a breach. At the time, it wasn’t known what was stolen and how many people were affected. However, in January, LeakedSource revealed that 1,503,707 ESEA records had been added to its database and that leaked records included a great deal of private information: registration date, city, state, last login, username, first and last name, bcrypt hash, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN ID.

Xbox 360 ISO and PSP ISO

February 1, 2017: Security expert Troy Hunt, of the website Have I Been Pwned?, revealed that Xbox 360 ISO and PSP ISO had been hacked in September 2015. The websites, both forums which host illegal video game download files, housed sensitive user information that was taken. 1.2 million Xbox 360 ISO users and 1.3 million PSP ISO users were affected and may have had their e-mail addresses, IP addresses, usernames, and passwords stolen in the breach. At this time, it’s not clear who is responsible, but forum users were encouraged to change their passwords immediately.

InterContinental Hotels Group (IHG)

February 7, 2017: IHG, the company that owns popular hotel chains like Crowne Plaza, Holiday Inn, Candlewood Suites, and Kimpton Hotels, announced a data breach that affected 12 of its properties. Malware was found on servers which processed payments made at on-site restaurants and bars; travelers that used cards at the front desk did not have information taken. The malware was active from August 2016 to December 2016 and stolen data includes cardholder names, card numbers, expiration dates, and internal verification codes. Some targeted locations include Sevens Bar & Grill at Crowne Plaza San Jose-Silicon Valley, the Bristol Bar & Grille at the Holiday Inn in San Francisco’s Fisherman’s Wharf, InterContinental San Francisco, Aruba’s Holiday Inn Resort, and InterContinental Los Angeles Century City.


Arby’s

February 17, 2017: The national fast food chain acknowledged a data breach after being pressed by the website KrebsOnSecurity. The company admitted that they had been notified in mid-January about a possible breach in select restaurants, but the FBI asked them not to go public yet. Malware was placed on payment systems inside certain Arby’s corporate stores, which make up about one-third of all Arby’s in the nation. There are about 1,000 corporate Arby’s restaurants, and while not all were affected, it’s not clear yet how many were. The company says that the malware has been removed, but the scope of the breach is not yet known. Arby’s did not say when the breach occurred, but one credit union believes it may have been between October 25, 2016 and January 19, 2017.

River City Media

March 6, 2017: A group of spammers, operating under the name River City Media, unknowingly released their private data into cyberspace after failing to properly configure their backups. The leak known as Spammergate included Hipchat logs, domain registration records, accounting details, infrastructure planning, production notes, scripts, business affiliations, and more. The biggest discovery, however, was a database of 1.4 billion email accounts, IP addresses, full names, and some physical addresses. Thankfully, the “good guys” found the information—in this situation, it was Chris Vickery, a security researcher for MacKeeper—and reported everything to the proper authorities.

At this time, it’s unclear what’s going to happen to River City Media. While law enforcement is involved, groups like River City Media often have all sorts of aliases and affiliate programs—no one can be sure they will all be wiped out.


Verifone

March 7, 2017: KrebsOnSecurity revealed that Verifone, the largest maker of point-of-sale credit card terminals used in the U.S., discovered a breach of its internal network in January 2017. When asked, Verifone said the breach didn’t affect its payment services network and was only within the corporate network. The company claims they responded to the breach immediately and “the potential for misuse of information is limited.” Sources say there’s evidence that a Russian hacking group is responsible for the breach, and that the intruders may have been inside Verifone’s network since mid-2016, but nothing has been confirmed.

Dun & Bradstreet

March 15, 2017: Dun & Bradstreet, a huge business services company, found its marketing database with over 33 million corporate contacts shared across the web in March 2017. The firm claims its systems were not breached, but that it has sold the 52GB database to thousands of companies across the country; it’s unclear which of those businesses suffered the breach that exposed the records. Millions of employees from organizations like the U.S. Department of Defense, the U.S. Postal Service, AT&T, Wal-Mart, and CVS Health had information leaked, and the database may have included full names, work email addresses, phone numbers, and other business-related data.

Saks Fifth Avenue

March 19, 2017: BuzzFeed broke the news that customer information was available in plain text via a specific link on the Saks Fifth Avenue website. The information for tens of thousands of customers was visible on a page where customers could join a wait list for products they were interested in. While payment details were not exposed, it was possible to see email addresses, phone numbers, product codes, and IP addresses. When BuzzFeed contacted Hudson Bay Company, the Canada-based organization that owns Saks Fifth Avenue, the pages containing customer information were taken down. At this time, it’s not clear how this happened, how customers may have been affected, and who was responsible.

UNC Health Care

March 20, 2017: 1,300 letters were sent to prenatal patients who had received care in the University of North Carolina Health Care System about a potential data breach they may have been affected by. UNC Health Care revealed that women who had completed pregnancy home risk screening forms at prenatal appointments between 2014 and 2017 at the Women’s Clinic at N.C. Women’s Hospital and UNC Maternal-Fetal Medicine at Rex may have mistakenly had their personal information transmitted to local county health departments. Breached information included full names, addresses, races, ethnicities, Social Security numbers, and a variety of health-related information. The county health departments are subject to federal and state privacy laws and must protect all information they received; it was also requested that they electronically purge electronic information about non-Medicaid patients.

America’s JobLink

March 21, 2017: America’s JobLink, a web-based system that connects job seekers and employers, revealed its systems were breached by a hacker who exploited a misconfiguration in the application code. The criminal was able to gain access to the personal information of 4.8 million job seekers, including full names, birth dates, and Social Security numbers.

Activity was uncovered in the ten states that use the America’s JobLink system: Alabama, Arkansas, Arizona, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma, and Vermont. The code misconfiguration was discovered and eliminated on March 14, 2017, so anyone who had an account with America’s JobLink before March 14, 2017 may have been affected and had their personal information compromised.

FAFSA: IRS Data Retrieval Tool

April 6, 2017: The IRS revealed that up to 100,000 taxpayers may have had their personal information stolen in a scheme involving the IRS Data Retrieval Tool, which is used to complete the Free Application for Federal Student Aid (FAFSA). In March 2017, federal officials observed a potential data breach and took the tool down. The IRS said it shut down the Data Retrieval Tool because identity thieves that had obtained some personal information outside of the tax system were possibly using the tool to steal additional data.

Currently, the agency suspects that fewer than 8,000 fraudulent returns were filed, processed, and returns issued, costing $30 million. 52,000 returns were stopped by IRS filters and 14,000 illegal refund claims were halted as well.

InterContinental Hotels Group (IHG) – UPDATE

April 19, 2017: When IHG first announced a data breach in February 2017, it was believed that only 12 of its properties had been affected. It’s been revealed, however, that the initial 12 has jumped to 1,200. IHG said the dozen hotels initially named were only the ones they run directly and at the time, they did not know the full scope of the breach; the other hotels are IHG-branded franchise properties. The malware had infected hotel servers, but was eradicated in all locations by the end of March.


Chipotle

April 25, 2017: Chipotle posted a “Notice of Data Security Incident” on its website to let customers know about unauthorized activity it detected on the network that supports in-restaurant payment processes. It believes payment card transactions that occurred from March 24, 2017 through April 18, 2017 may have been affected. The investigation is still ongoing and at the time the notice was published, the company did not have any additional information; it just said that it believes it has stopped the unauthorized activity and it’s too early to give more details.

Sabre Hospitality Solutions

May 2, 2017: Sabre Hospitality Solutions, a tech company that provides reservation system services for more than 36,000 properties, revealed a breach that allowed hotel customer payment information to be compromised. The company shared the information in its quarterly filing report and did not say when the breach happened or which locations may have been affected. The unauthorized access has been shut off and the company does not believe any other Sabre systems have been compromised.


Gmail

May 3, 2017: Gmail users were targeted in a sophisticated phishing scam that was seeking to gain access to accounts through a third-party app. The emails were made to look like they were from a user’s trusted contact and notified the individual that they wanted to share a Google Doc with them. Once clicked, the link led to Google’s real security page where the person was prompted to allow a fake Google Docs app to manage his or her email account. Google put a stop to the scam in about one hour and the company says they estimate about 1 million users may have been affected.

Bronx Lebanon Hospital Center

May 10, 2017: Thousands of HIPAA-protected medical records were exposed in a data breach due to a misconfigured Rsync backup server hosted by a third party, iHealth. At least 7,000 patients who visited the Bronx Lebanon Hospital Center in New York between 2014 and 2017 may have had extremely personal information compromised. Leaked information has been reported to include names, home addresses, religious affiliations, addiction histories, mental health and medical diagnoses, HIV statuses, and sexual assault and domestic violence reports. Once the breach was detected, the hospital and iHealth took immediate steps to protect the exposed data.

Brooks Brothers

May 12, 2017: If you shopped at a Brooks Brothers retail store or outlet in the last year and used a credit or debit card, you may have had your card data stolen. Brooks Brothers revealed a breach that affected some of their stores between April 4, 2016, and March 1, 2017; the retailer has not revealed which exact locations were targeted yet. A forensic investigation showed an unauthorized individual installed malicious software on some payment processing systems that was capable of collecting payment card information. Brooks Brothers said the issue has been resolved but did not provide any other details upon announcing the breach.


DocuSign

May 17, 2017: Customers and users of the electronic signature provider DocuSign were targeted recently by malware phishing attacks. DocuSign says that hackers breached one of its systems, but they only obtained email addresses and no other personal information. The hackers used the email addresses to conduct a malicious email campaign in which DocuSign-branded messages were sent that prompted recipients to click and download a Microsoft Word document that contained malware. If you received a suspicious DocuSign email, forward it to; moving forward, only access documents directly through the DocuSign website and not by clicking email links.


OneLogin

May 31, 2017: OneLogin, a San Francisco-based company that allows users to manage logins to multiple sites and apps through a cloud-based platform, has reported a troubling data breach. OneLogin provides single sign-on and identity management for about 2,000 companies in 44 countries, over 300 app vendors and more than 70 software-as-a-service providers. A threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US. The attack began at 2am PST on May 31 and was shut down by 9am. Customer data was compromised during this time, including the ability to decrypt encrypted data. The investigation is ongoing and the full extent of the breach is still unknown.


Kmart

May 31, 2017: Sears Holdings, the parent company of Kmart, revealed that Kmart’s store payment systems were infected with malware; Sears shoppers were not impacted by this breach. The malicious code has been removed, but the company has not shared how long the payment system was under attack and how many stores were affected. No personal identifying information was compromised, but certain credit card numbers may have been. Kmart suffered a very similar data breach back in 2014, which we also told you about at the time.

University of Oklahoma

June 14, 2017: The University of Oklahoma’s (OU) student-run newspaper, The Oklahoma Daily, was the first to discover an on-campus data breach connected to the university’s document sharing system, Delve. Educational records, dating back to at least 2002, were unintentionally exposed through incorrect privacy settings. The Oklahoma Daily reported that in just 30 of the hundreds of documents made publicly discoverable on Microsoft Office Delve, there were more than 29,000 instances in which students’ private information was made public to users within OU’s email system. Sensitive information included Social Security numbers, financial aid information, and grades. The file sharing service has been shut down until further notice.

Washington State University

June 15, 2017: A hard drive containing the personal information of approximately one million people was stolen from a Washington State University storage unit in Olympia, WA. The hard drive was inside an 85-pound safe, so the university says it has no current reason to believe the individual was able to get inside the safe and steal the data on the hard drive. Information on the hard drive was part of research the university had conducted for school districts, government offices, and other outside agencies; Social Security numbers and health history were among the personal details stolen. The university has sent letters to individuals who may have been affected and will be offering them a free year of credit monitoring.

Deep Root Analytics

June 20, 2017: Last year, the Republican National Committee hired Deep Root Analytics, a data analytics firm, to gather political information about U.S. voters. Chris Vickery, a cyber risk analyst, discovered that the sensitive information Deep Root Analytics obtained – personal data for roughly 198 million American citizens – was stored on an Amazon cloud server without password protection for almost two weeks this month. Exposed information includes names, dates of birth, home addresses, phone numbers, and voter registration details. Deep Root has taken full responsibility, updated the access settings, and put protocols in place to prevent further access.

Blue Cross Blue Shield / Anthem

June 27, 2017: Health insurance company Anthem has agreed to a $115 million settlement in connection with a 2015 data breach that impacted 80 million of their customers across their Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare brands.

Although Anthem acted quickly, notifying the FBI and working with a cybersecurity firm as soon as it was made aware of the breach, the breadth of the initial breach and subsequent costly payout just goes to reinforce the need for companies of all sizes to take cybersecurity issues seriously.

While the settlement still needs to be approved by the courts during a hearing on August 17th, the health insurance giant released a statement, stating “Nevertheless, we are pleased to be putting this litigation behind us, and to be providing additional substantial benefits to individuals whose data was or may have been involved in the cyberattack and who will now be members of the settlement class.”

Anthem originally agreed to provide impacted individuals with 2 years of credit monitoring services. They are extending that offer for an additional 2 years, as part of this settlement.

California Association of Realtors

July 10, 2017: A subsidiary of the California Association of Realtors—Real Estate Business Services (REBS)—was the victim of a data breach; it was recently reported to the California Attorney General’s Office. The organization’s online payment system was infected with malware that was active between March 13, 2017, and May 15, 2017. When a user made a payment on the website during that time frame, personal information may have been copied by the malware and transmitted to an unknown third party. Sensitive data that had the potential to be accessed included the user’s name, address, credit card number, credit card expiration date, and credit card verification codes. The malware has been removed and the organization is now using PayPal for payments.


Verizon

July 13, 2017: A reported 14 million Verizon subscribers may have been affected by a data breach, and you might be one of them if you have contacted Verizon customer service in the past six months. These records were held on a server that was controlled by Israel-based Nice Systems. The data breach was discovered by Chris Vickery, who is with the security firm UpGuard. He informed Verizon of the data exposure in late June, and it took more than a week to secure the breached data. The actual data that was obtained was log files that were generated when customers of Verizon contacted the company via phone.

Online Spambot

August 30, 2017: Remember the River City Media breach from March 2017 in which the “bad guys” had information stolen? It’s happened again to an online spambot, and the set of stolen data is even larger. Though River City Media’s breach was originally believed to impact 1.4 billion people, it “only” ended up being 393 million records; this online spambot breach reportedly involves 711 million records. The spambot had harvested email addresses and some passwords to send spam emails, but forgot to secure the server the data was kept on. Currently, it is unknown how many people have found this database and are using the information for their own nefarious purposes.

TalentPen and TigerSwan 

September 2, 2017: Over 9,000 documents containing the personal information of job seekers with Top Secret clearance were publicly available on an unsecured Amazon server for just over six months. UpGuard, a cybersecurity firm, found the public files in a folder labeled “resumes” and reached out to TigerSwan, a private security firm that owned the files. It was discovered that a third-party vendor that TigerSwan had ended their contract with—TalentPen—had failed to take down the files after they were transferred to TigerSwan in February. TalentPen left the files in a bucket site on Amazon Web Services without a password or any type of security until August 24, 2017 when Amazon contacted them about it; at that point, the files were taken down.


Equifax

September 7, 2017: Equifax, one of the three largest credit agencies in the U.S., suffered a breach that may affect 143 million consumers. Due to the sensitivity of data stolen—including Social Security numbers and driver’s license numbers—this is being called one of the worst breaches ever. Hackers were able to gain access to the company’s system from mid-May to July by exploiting a weak point in website software; the breach was discovered by Equifax on July 29th, 2017 and at that time, they sought assistance from an outside forensics firm. Other compromised data is said to include full names, addresses, dates of birth, credit card numbers, and other personal information.

U.S. Securities and Exchange Commission (SEC)

September 21, 2017: Jay Clayton, Chairman of the SEC, issued a statement about cybersecurity and included details of a 2016 data breach. Clayton wrote that in 2016, a software vulnerability in the test filing component of the SEC’s EDGAR system was discovered and patched “promptly.” However, in August 2017, the SEC learned that incident “may have provided the basis for illicit gain through trading.” The vulnerability allowed access to nonpublic information, but the SEC does not believe there has been any unauthorized access to personally identifiable information.

SVR Tracking

September 21, 2017: SVR Tracking, a San Diego-based service that gives auto dealership and lot owners the ability to locate and recover vehicles, allowed more than half a million customer records to be leaked online. On September 18, Kromtech Security Center found 540,642 records in an unsecured Amazon S3 bucket and notified SVR Tracking of their findings on September 20; SVR secured the bucket within three hours. However, it is unknown how long the information was publicly available online and the data was quite sensitive in nature—it included email addresses, passwords, license plate numbers, VINs, and even the ability to see every single place a vehicle has been in the last 120 days.


Deloitte

September 25, 2017: A breach that affected Deloitte, a multinational professional services firm, in March came to light—and the reason is pretty embarrassing for a company that was once named the “best cybersecurity consultant in the world” by Gartner. The firm did not employ two-factor authentication, so when hackers acquired a single password from an administrator of the firm’s email account, they were able to access all areas of the email system. Investigators determined that Deloitte’s biggest clients were of interest to the hackers, but Deloitte insists only a small fraction of its clients have been impacted.


Sonic

September 26, 2017: KrebsOnSecurity reported a breach at fast food chain Sonic after discovering a “fire sale” of millions of stolen credit and debit card numbers on the Dark Web. Sonic learned about the breach when its credit card processor notified them of unusual activity on customer payment cards. Sonic has almost 3,600 stores in 45 states, but it is not immediately known which locations were affected—the company is working with law enforcement and investigators to determine the true scope of the breach.

Whole Foods Market

September 28, 2017: Whole Foods Market—recently acquired by Amazon—made a statement regarding the discovery of a recent breach of its payment systems. Individuals who shopped in the company’s grocery stores were likely not affected, but it is believed the unauthorized access occurred in Whole Foods locations with taprooms and full table-service restaurants. The company is currently in the middle of an ongoing investigation and has said it will provide additional updates as it learns more. It has also said that Amazon’s payment systems are not connected to Whole Foods and no Amazon transactions were impacted by the breach.


Disqus

October 6, 2017: Disqus, a blog comment hosting service, revealed that it was targeted by hackers five years ago. The company had no idea it had been the victim of a data breach in 2012 until the website Have I Been Pwned? reached out with exposed user information it had found. In a statement, Disqus says it verified the authenticity of the data and found it was from their 2012 user database, which included information dating back to 2007. User email addresses, user names, sign-up dates, and last-login dates were among the stolen data; hashed passwords using SHA1 with a salt for approximately one-third of users were also public. Disqus does not believe there is any evidence of unauthorized logins, but it has reset the passwords of all affected users.

Yahoo! (Update)

October 9, 2017: In December 2016, it was reported that “more than 1 billion user accounts” may have been impacted by the 2013 Yahoo breach. Recent news, however, shows it was indeed more than 1 billion—much more. Four months after Verizon acquired Yahoo’s core internet assets, it was revealed that every single customer account was impacted by that breach; three billion Yahoo accounts—including email, Tumblr, Fantasy, and Flickr—were stolen. Even after thorough investigations, it is still unknown who was behind the 2013 Yahoo breach.

Hyatt Hotels

October 12, 2017: After suffering a data breach in December 2015, the Hyatt hotel chain has fallen victim to hackers again. The company discovered unauthorized access to its payment card information for debit and credit cards that were swiped at the front desks of some of its properties. Stolen information includes card numbers, expiration dates, internal verification codes, and cardholder names. At this point, Hyatt believes 41 of its properties in 11 countries were affected between March 18, 2017 and July 2, 2017. Only five properties in the U.S. were targeted: three were in Hawaii, while one was in Puerto Rico, and the other in Guam. Hyatt has provided a list of all affected properties that prior guests can check.

Forever 21 

November 14, 2017: Los Angeles-based clothing retailer Forever 21 announced that some of its customers may have been affected by a potential data breach. Upon receiving a tip from a third-party, Forever 21 launched an investigation and found certain point-of-sale (PoS) devices were compromised—likely between March and October of this year. The company said it implemented “encryption and tokenization solutions” in 2015 and that it appears the targeted PoS devices would have had encryption that was not operating. At the time of the announcement the investigation was still occurring, so it is not known how many people may have been impacted by this breach or who is responsible. Forever 21 customers are encouraged to keep an eye on their payment accounts and look for fraudulent charges.

Maine Foster Care 

November 14, 2017: Residents of Maine receiving foster care benefits had their personal information exposed on a third-party website outside of the State of Maine system. During a system upgrade on September 21, 2017, a contractor hired by Maine Office of Information Technology accidentally posted the private information, which included names of foster children and legal guardians, addresses, and Social Security numbers. The information was publicly available for approximately four and a half hours that day; once it was discovered, the data was removed from the site. The personal information was accessed once during that time period, but Maine’s Chief Information Officer Jim Smith said “there is no indication that there is any intent by a third party to misuse your personal data.”


Uber

November 21, 2017: The ride-sharing service giant Uber revealed that in late 2016, it became aware of a data breach that potentially exposed the personal information of 57 million Uber users and drivers. However, the company chose to pay the hackers $100,000 to keep the enormous data breach a secret, instead of immediately alerting those affected by the breach. How did this happen? Hackers did not gain access to Uber’s internal systems, but rather GitHub, a service that Uber’s engineers use to collaborate on software code. Two hackers downloaded the data stored on GitHub, which included names, email addresses, and phone numbers of Uber users worldwide. With our lives becoming busier by the minute, more and more people are relying on services like Uber to make their lives a bit easier and more convenient. Unfortunately, it’s becoming painfully clear that oftentimes that convenience comes at a cost. Who would have thought that a simple ride to the airport could potentially cost you your identity?


Imgur

November 24, 2017: Imgur, the online image-sharing community, had a lot to be thankful for on Thanksgiving—until it received a notification that day about a possible data breach from 2014. Troy Hunt, the owner of the website Have I Been Pwned, reached out to Imgur’s COO on November 23, 2017 to let him know that he had received data that seemed to include the emails and passwords of Imgur users. The company investigated, and by the next morning, had discovered 1.7 million users from 2014 had indeed had their email addresses and passwords stolen. Imgur contacted affected users immediately on November 24 and publicly disclosed the breach on their website that day as well.

TIO Networks

December 1, 2017: Due to a vulnerability in their network, TIO Networks, which was recently acquired by PayPal, may have compromised the identities of over 1.6 million customers. The compromised data includes bank account information, payment card information, passwords and usernames for accounts, and Social Security numbers. Although there has been no evidence that any customer data has been stolen, they are still treating this incident as a data breach. PayPal is offering free credit monitoring services to those impacted by this breach.


eBay

December 10, 2017: Due to a customer privacy leak, the personal information of many eBay customers, including usernames, first and last names, and purchase history, was made available via Google’s Shopping platform.

The breach was due to “an improper feed signal” between the two companies. According to an eBay spokesperson, the companies are trying to find the root cause. The purchase histories that were leaked revealed very sensitive products, such as HIV home test kits, pregnancy tests, and drug testing kits. Within a couple of days, the users’ real names were masked with dashes. This is just another example of one of the many ways that your personal information can become compromised, through no fault of your own.


Alteryx

December 19, 2017: Alteryx, a California-based data analytics firm, was found culpable of not protecting the personal information of more than 120 million American households. The company had purchased this data from Experian, a giant credit reporting agency similar to Equifax. What we now know is that the exposed data was openly housed on an Amazon Web Services cloud storage bucket. All that anyone needed to access people’s private information was the URL, along with an Amazon AWS account. The impact of this breach is yet to be seen, but could very well be substantial based on the information that was available to potential cybercriminals. We will update this post as further details emerge.
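The TalentPen, SVR Tracking and Alteryx entries above all come down to a storage bucket readable by people outside the owning organization. The following is an added example, not taken from any of the companies named, of an offline check that flags such grants in bucket ACLs shaped like the S3 GetBucketAcl response. It assumes the exposures came from ACL grants to the AllUsers or AuthenticatedUsers groups, which the reports summarized here do not confirm; the bucket names and ACL data are constructed.

```python
"""Flag S3 bucket ACL grants that expose a bucket beyond its owner (offline)."""

# Predefined S3 grantee groups (real AWS URIs).
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

AUDIENCE = {
    ALL_USERS: "anyone on the internet, no credentials",
    AUTH_USERS: "anyone signed in to any AWS account",
}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def audit_acl(bucket, acl):
    """Return one finding per grant to a public group in a GetBucketAcl-shaped dict."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        audience = AUDIENCE.get(grantee.get("URI"))
        if grantee.get("Type") != "Group" or audience is None:
            continue  # owner/canonical-user grants and other groups are not public
        perm = grant.get("Permission", "")
        findings.append({
            "bucket": bucket,
            "audience": audience,
            "permission": perm,
            # Write-class grants let outsiders alter or replace data, not just read it.
            "severity": "critical" if perm in WRITE_PERMS else "high",
        })
    return findings


def exposed_buckets(acls):
    """Map each exposed bucket name to its findings; clean buckets are omitted."""
    report = {}
    for name, acl in acls.items():
        found = audit_acl(name, acl)
        if found:
            report[name] = found
    return report


def _acl(*public_grants):
    """Build a constructed ACL: owner FULL_CONTROL plus the given (uri, perm) grants."""
    grants = [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
               "Permission": "FULL_CONTROL"}]
    grants += [{"Grantee": {"Type": "Group", "URI": uri}, "Permission": perm}
               for uri, perm in public_grants]
    return {"Owner": {"ID": "owner-id-placeholder"}, "Grants": grants}


# Constructed sample data; bucket names are hypothetical.
SAMPLE_ACLS = {
    "resumes-example": _acl((ALL_USERS, "READ")),
    "analytics-example": _acl((AUTH_USERS, "READ"), (AUTH_USERS, "WRITE")),
    "locked-example": _acl(),
}

if __name__ == "__main__":
    for name, found in exposed_buckets(SAMPLE_ACLS).items():
        for f in found:
            print(f"[{f['severity']}] {name}: {f['permission']} granted to {f['audience']}")
```

This covers bucket-level ACLs only; bucket policies and per-object ACLs can expose data independently and need their own review.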

Why Keep A Data Center in 2018?

Top reasons to keep a data center in 2018.

Many companies are asking why they should keep their data centers in 2018, given the move to cloud-based or service-based offerings. While Amazon’s AWS Cloud and Microsoft’s Azure Cloud have brought us many things, total and complete control over your hardware is not one of them, and if you ask any entrepreneur, control is key. Below are our reasons to keep your data center in 2018.


QOS Consulting Inc Appoints Chief Executive Officer

QOSC announces the appointment of QOS Consulting, Inc.’s CEO Aaron Mason to the new role of Chief Executive Officer

For Immediate Release

HOFFMAN ESTATES, IL – Tuesday, May 1, 2018 – QOS Consulting, Inc. (2400 Hassell Road, Suite 390, Hoffman Estates, Illinois 60169), an Information Technology Consultancy, Managed Service Provider, Solutions Provider, Data Center, and Software Developer, that specializes in Technology Outsourcing, has named Aaron Mason as Chief Executive Officer.

Mr. Mason is a seasoned technology executive with over 25 years of experience in Information Technology. Dedicated to turning innovative ideas into leading service offerings, Mr. Mason founded and held the position of President at QOS Consulting, Inc since its launch in 2007. QOS Consulting, Inc. reduces total cost of ownership with technology and delivers customized solutions that enable businesses. While at QOS Consulting, Inc., Mr. Mason has grown sales revenue year over year and has consistently proven to deliver on both his long-term and short-term goals. His industry experience in the SaaS, MSP, Development and Data Center space will position QOS Consulting, Inc. as a market leader in Illinois and many other areas.

“Excitement is an understatement; our quality of service will make us the standard to be measured against. Our key focus since 2007 has been to build strong working relationships, seek out customer feedback as often as possible and customize solutions/services to meet our customers’ needs. We’ve done that and done that well. 2018 has already been planned out, so right now my focus has been looking at 2019 and beyond. No business is without improvement, but we have been all about improvement since 2007. New market segments and product development is our next phase. We have some great technologies in development right now and unfortunately, I can’t say much about that just yet. Customer acquisition and efficient onboarding is going to be where I am putting my attention. Our employees are family and together we grow personally and professionally. I’m very proud of my work family.” stated Aaron Mason, the new Chief Executive Officer (CEO) of QOS Consulting, Inc.

About QOS Consulting, Inc.

QOS Consulting, Inc. serves businesses all over the greater Chicago, Illinois area, in addition to the many other states. The QOS Consulting team consists of junior and senior associates that specialize in Technology Department Management, Regulatory Compliance, Governance and Oversight, Cloud Computing, Data Center Management, Desktop and Server Support, Network Support and Architecture, Web and Application Development, Business Continuity and Disaster Recovery, Power and Cooling, Cabling, and so much more. To learn more, visit us online at or call us at 773.897.8700.
