GDPR: Report – Reddit hack: data held in 2007 exposed

Reddit, the website supporting discussion and content ratings, has confirmed it was subject to a data breach, affecting all data held in 2007 and before and email digests sent in June of this year.

“Although it was a serious attack,” said Reddit in a statement, “the attacker did not gain write access to Reddit systems; they gained read-only access to some systems that contained backup data, source code and other logs.”

Jason Hart, CTO, Data Protection at Gemalto said: “Network intrusions like this are inevitable. The Reddit issue reinforces again that being breached is not a question of ‘if’ but ‘when’ and a multi-layered approach to security is needed. Even with multi-factor authentication deployed, the Reddit breach still occurred. Given today’s security climate, all online companies should use the forms of multi-factor authentication that are appropriate for the data assets being accessed as well as using encryption and key management to secure sensitive data.”

Silicon: Reddit Confirms ‘Serious’ Hack Of User Data

Reddit knew of ‘security incident’ since 19 June but only alerted users more than a month later

More than a month since it happened, Reddit has this week confirmed that it has suffered what it is calling a ‘security incident’.

“Network intrusions like this are inevitable,” explained Jason Hart, CTO of data protection at Gemalto. “The Reddit issue reinforces again that being breached is not a question of ‘if’ but ‘when’ and a multi-layered approach to security is needed.”

“Even with multi-factor authentication deployed, the Reddit breach still occurred,” said Hart. “Two years ago NIST made recommendations for companies to consider stronger forms of MFA like token-based authentication. Given today’s security climate, all online companies should use the forms of multi-factor authentication that are appropriate for the data assets being accessed as well as using encryption and key management to secure sensitive data.”

Computer Business Review – MyHeritage Hack: “Future Hackers Could Amend Stolen DNA”

No DNA data has been lost as a result of a hack at genealogy and DNA testing website MyHeritage that resulted in the leak of 92,283,889 email addresses and hashed user passwords, the company has claimed.

“Sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security. We have no reason to believe those systems have been compromised,” the Israel-based company said.

Gemalto CTO of Data Protection Jason Hart said: “This reinforces again that being breached is not a question of ‘if’ but ‘when’. Perimeter defences are just what they are, first lines of defence. When those fail, the only way data can be protected is to encrypt it. It is especially important that sensitive personal data is always encrypted. That way, if the data is stolen it is useless to the thieves.”

He added: “MyHeritage noted that it plans to add additional protective measures in the future. While it appears that MyHeritage hashed its passwords, this is a weak form of protection. Given today’s security climate, all online companies should have multi-factor authentication activated by default for all online accounts as well as using encryption and key management to secure sensitive data.”

Business Today – Data theft increased by 783% in India in 2017, says study

Some 3.24 million records were stolen, lost or exposed in India in 2017, according to the Breach Level Index study by digital security firm Gemalto. This number has increased by a whopping 783% over the previous year. The study tracks and analyses data breaches, the type of data compromised and how it was accessed, lost or stolen in the last five years.

“The manipulation of data or data integrity attacks pose an arguably more unknown threat for organizations to combat than simple data theft, as it can allow hackers to alter anything from sales numbers to intellectual property. By nature, data integrity breaches are often difficult to identify and in many cases, where this type of attack has occurred, we have yet to see the real impact,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.

SC Magazine UK – Greenwich University Breach costs university £120,000

Greenwich University has been fined £120,000 after a security breach at the university resulted in the leak of 19,500 students’ data to the internet, according to Signavio. This data included names, addresses, date of birth, phone numbers, signatures and in some cases, physical and mental health problems.

Jason Hart, CTO of Data Protection, Gemalto concludes: “This should be a reminder for organisations around the world to dig deep when it comes to protecting their data. If businesses don’t know where it is or whether it’s properly secured then they are leaving themselves and their customers vulnerable. While many are taking steps to improve their data security, the fact that some breaches can lay undiscovered for three years leaves little doubt that there is still work to do before there is widespread GDPR compliance. In order to adequately protect their data, businesses must regularly audit and ensure security controls, such as encryption and key management are implemented, whether the data is being stored or used in a transaction”.

CSO Online – Let’s get serious about security: 2.6 billion records stolen or compromised in 2017

Gemalto’s 2017 Breach Level Index found 2.6 billion records were compromised in 2017, as well as a number of new data breach tactics. Breached or exposed data is not only a headache for security teams. It also impacts brand reputation, customer confidence and stock prices, but risk can be managed by mapping out where data resides.

Gemalto, my employer, recently published the latest research from its Breach Level Index (BLI), sharing that 2.6 billion records were stolen, lost or exposed worldwide during the year of 2017. A global database, the BLI follows and studies breaches, the types of data compromised and how it was accessed or lost.

IT Pro – UK businesses failing basic security measures

Britain’s businesses are still ignoring basic security fundamentals, with almost half failing to implement foundational security protections. This is according to the annual Cyber Security Breaches Survey, conducted by the Department for Digital, Culture, Media and Sport to assess the security awareness and preparedness of businesses in the UK, which found that many UK companies are not following the basic security steps laid out as part of the government’s Cyber Essentials scheme.

“While it’s troubling to hear that almost half of UK businesses have experienced a cyber attack in the past year, the actual volume of these incidents is likely considerably higher,” said Gemalto’s CTO and former ethical hacker, Jason Hart. “In fact, we’ve seen from our Breach Level Index that almost as many data incidents are caused by accidental loss, as malicious outsiders.”

Cybersecurity Insiders – Fancy Bear Leaks Documents Allegedly Stolen from International Luge Federation

Fancy Bear has leaked what it asserts are documents stolen from the International Luge Federation (ILF) two weeks ahead of the 2018 Winter Olympics.

On 24 January, the digital espionage group posted a statement explaining its motivation for conducting what it calls “OpOlympics”:

Jason Hart, CTO of Data Protection at Gemalto, is familiar with the 2016 incident…

Much like Fancy Bears’ hack of the World Anti-Doping Agency’s (WADA) website last year, these documents need to be taken with a pinch of salt, as the hacking group has a history of changing the data they steal to suit their own purposes. This data manipulation poses an arguably greater threat to organizations than simple data theft, as it can allow hackers to alter anything from stock or sales numbers and in this case, potentially the reputations of innocent athletes.

Cyber Security Hub – Cyber Security: Who’s In Charge?

It’s no mystery that the threat landscape has intensified, widened and spooked many security practitioners around the globe. Between breach anxiety amongst the C-Suite, the increasing perimeter size of large enterprises, numerous endpoints tapping into the network and a glaring disconnect between departments, cyber security is still an often-overlooked facet of the business. This, of course, should not be so.

In recent years, the threat vectors have multiplied and security practitioners have been forced to deploy various solutions to mitigate – or attempt to mitigate – the many network dangers.

According to Gemalto’s 2017 Breach Level Index report, a whopping 2 billion data records were lost or stolen via cyber-attacks in the first part of 2017. Gemalto’s Vice President and Chief Technology Officer for Data Protection, Jason Hart, also added that two-thirds of firms breached had their share price negatively impacted. Of 65 companies evaluated, breaches cost shareholders $52.4 billion.

CSO Online – Data breaches are taking a toll on customer loyalty

Data breaches are happening on a daily basis. And as the number of breaches has soared, the scale of attacks has escalated as well. According to the Breach Level Index, 1.9 billion data records worldwide were compromised during the first half of 2017 due to 918 data breaches. The number of lost, stolen or compromised records increased by an overwhelming 164 percent compared to the last six months of 2016. (Disclosure: the Breach Level Index is operated by Gemalto, where I am employed.)

This year saw major security incidents affecting numerous high-profile corporations such as Equifax and Deloitte. And the consequences of such breaches now appear to be moving beyond the direct financial impact. As businesses struggle to maintain and protect consumer data, consumers are growing wary of both the attitude and practices those organisations take in order to do so.
