An organisation must assume that its security measures may be breached, and the information itself must be a crucial focus for protection through encryption.
On Saturday, Vodafone Group plc (LON:VOD) stated that hackers had breached the accounts of about 2,000 of its clients. It’s the second cyber-attack launched against British telecom organisations during this month after the larger attach against Talk Talk.
A Vodafone spokesperson said that the hackers had possibly gained access to the clients’ last four numbers of their bank accounts and their bank sort codes, their telephone numbers, and their names.
Only a handful of the affected customers in the breach had noticed attempts to use their personal data for fraudulent activities on their accounts held at Vodafone.
Vodafone’s spokesperson said that the hackers hadn’t obtained any credit or debit card numbers or details. But the information does affect the 1,827 customers, who’re vulnerable to fraud and phishing attempts. Vodafone was contacting all the customers involved and said other customers mustn’t be worried.
Andy Heather, who is the VP EMEA at HPE Security – Data Security stated that the breach stresses the need for organisations to place stronger controls on the protection of their customers information. If information is left unprotected, it will be compromised at some point in time.
Heather said that an organisation must assume that its security measures may be breached, and the information itself must be a crucial focus for protection through encryption. The protection must involve all possible sensitive data, which isn’t only financial related information.
Heather continues that many leading organisations already use format-preserving encryption for the protection of data. A data-centric approach to data protection and security leaves hackers with unusable encrypted data and not the present results where customers’ personal information is vulnerable to attacks from cyber criminals.
Andy Heather says theft of financial data, account data, or credit card data has a limited span of use until the victim of such theft changes the details of the account etc. However, personal details can be obtained using a person’s account profile and have a broader range of use to commit a variety of identity and fraud theft and cannot be modified.
The value of personal data to cybercriminals has an increased value. For example, a single stolen credit card may be sold for $1 but if it’s sold with a complete identity profile, the price can increase to $500. Considering the cybercriminals know exactly the value of personal information, we must expect that a responsible company pays the right attention to keeping our personal data safe. Data encryption is crucial to protect client data throughout its entire lifecycle, not just when it’s stored, wherever the information is, and however it’s being used within the company. This, together with a strong security stance is the only way to prevent criminals from taking advantage of stolen information.