Just when the global insurance industry named data security among its top worries due to the high volumes of sensitive data held; yet another major producer of ‘information-rich’ identity data has been breached. Experian announced a “major unauthorized acquisition of information from a server that contained data on behalf of one of its clients, T-Mobile, USA”. Some 15,000,000 records!
Every organisation that holds, uses or builds large volumes information rich data must be concerned that when the data is stored and/or transmitted it is protected by the best encryption technology. The consequences of unencrypted data getting into the hands of cyber-criminals are enormous and far reaching.
While Experian has apologised for the breach, that will be little comfort to its major customer – T-Mobile – whose own customers will in turn suffer the consequences.
T-Mobile’s angry statement makes it clear Experian’s brand integrity has suffered greatly, especially because it is in the business of building and maintaining information-rich data.
Indeed, so too will T-Mobile’s own brand suffer because its own customers also trusted it to use their sensitive information without risk to them.
By Juha Saarinen 2 October 2015
Sensitive data for around 15 million T-Mobile customers stolen.
A massive data breach at credit application processing firm Experian has leaked sensitive personal data for at least 15 million customers.
Experian is the world’s largest credit checking agency and has international operations, including in Australia.
The breach earned the company an angry spray from US boss of German telco and Experian customer T-Mobile, John Legere.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” Legere wrote.
“I take our customer and prospective customer privacy very seriously. This is no small issue for us.”
Senetas high-assurance security comments
We live in a new ‘information age’ – the ‘information threat’ age. Cyber-criminals have exposed every individual, business and government agency to a myriad of data security risks – some of which may adversely affect victims for many years.
As the use of external data centres, Cloud services and a range of on-line services exponentially grows, so too do the volumes of information-rich data. That rapid data growth comes with increasing risks of cyber-crimes. That’s obvious.
But, any organisation using high-speed Layer 2 data networks – Ethernet WANs etc. – must also protect that transmitted data from cyber-threats. The optimal solution is dedicated, authenticated encryption, using best in class encryption key management. Only then will a successful breach simply result in meaningless data in the hands of unauthorised parties.