When a company has a breakdown in its processes, blame is assigned based on who the process owner is and the individual(s) responsible for completing the missed or improperly executed task. When a low-level process is broken, as was the case with Experian and the missing Apache Struts patch that allowed an attacker to gain a foothold in their information system and steal 152 million records, I see little reason to start chopping off the heads of senior leadership. Processes should be reviewed at a regular interval that is appropriate for the business's operational environment (annually, semi-annually, quarterly, or monthly). In Experian’s case, I believe there was a systematic breakdown where the process was broken, and no one up the chain of command was notified. A CIO and CSO at a company as large as Experian don’t have the time or resources to personally check up on every department, nor should they be required to micro-manage. Mid-level and upper-level management should be feeding data to the C-suite at their meetings, and if something was off or missing it should’ve been addressed.
Recently there has been a massive data breach that exposed millions of people. Upon installation, the Ai.Type keyboard application requested full access to your phone and recorded every letter or number you typed. Why would a keyboard and emoji application need to gather all the data on the user’s phone or tablet? Great question.
A data breach is a cataclysmic invasion of privacy which can wreak havoc on both businesses and private individuals. By mid-year, 2017 had surpassed the total number of data breaches in 2016. Today we touch on what to do after a data breach.
Forever 21 implemented encryption and tokenization in 2015, but it appears the security measures were not implemented at some point-of-sale machines. On Tuesday, Forever 21 was notified by a third party that there “may have been unauthorized access to data from payment cards” between March 2017 and October 2017.
What is Equifax? It’s a consumer credit reporting agency. Recently, on September 18, 2017, Equifax noticed it was a victim of what turned out to be one of the largest security breaches in history, and in early March it had begun “notifying a small number of outsiders and banking customers” about this attack.
Equifax was warned months before the breach about vulnerabilities