Managing the security of big data has become increasingly more complex as threat actors continue to maliciously exploit legacy and outdated systems of smaller and medium-sized firms. In this paper, we explore Astoria Company’s data breach, whereby the attacker exfiltrated vast amounts of confidential user data by exploiting MySQL and PHP-based vulnerabilities in a popular database management tool. Furthermore, we analyze the attack methodology of the perpetrator and the range of impacts incurred by the breach. The novelty of this paper is centered primarily on the range of defensive solutions we propose for the firm and for similar companies to deter and mitigate such attacks. These defensive solutions and risk mitigation strategies range from relatively low-cost software updates to more wide-ranging IT governance changes. The aim of this paper is to highlight the increasing need to safeguard the security of the big data held by smaller businesses, which have become prime targets for such type of attacks.