Last month the insurance industry’s banana skin report listed data breach security as one of the major areas of concern for the coming year.
This shouldn’t come as a surprise, given the volume on sensitive data involved in financial service transactions. However, being concerned and doing something about it seem to be different things entirely.
Experian, a producer of identity-oriented data, suffered a major breach last week; or, as they preferred to put it “a major unauthorised acquisition of information”. Whatever spin you put on it, the 15 million records that were stored on the TMobile server were compromised.
Every organisation that holds, uses or builds large volumes information rich data must be concerned that when the data is stored and/or transmitted it is protected by the best encryption technology. The consequences of unencrypted data getting into the hands of cyber-criminals are far reaching.
While Experian has apologised for the breach, that will provide little comfort to TMobile customers, who will ultimately suffer the consequences. The angry response to the breach by TMobile boss John Legere will do nothing to improve the integrity of the Experian brand, but their own brand will have suffered by association.
By Juha Saarinen 2 October 2015
Sensitive data for around 15 million T-Mobile customers stolen.
A massive data breach at credit application processing firm Experian has leaked sensitive personal data for at least 15 million customers.
Experian is the world’s largest credit checking agency and has international operations, including in Australia.
The breach earned the company an angry spray from US boss of German telco and Experian customer T-Mobile, John Legere.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” Legere wrote.
“I take our customer and prospective customer privacy very seriously. This is no small issue for us.”
Read the full article at ITNews
Senetas High-Assurance Security Comments
We live in a new information age – the ‘information threat’ age. Cyber-criminals have exposed every individual, business and government agency to a myriad of data security risks; some of which may adversely affect victims for many years.
As the use of external data centres, online services and cloud computing continues to grow, so does the volume of information-rich data we exchange. This increase in data volume, brings with it an increased risk. Any organisation using high-speed Layer 2 data networks (Ethernet WANs etc.) must also protect that transmitted data from cyber-threats.
The optimal solution is dedicated, authenticated encryption, using best in class encryption key management. Only then will a successful breach simply result in meaningless data in the hands of unauthorised users.