Written By Josh Applebaum And Presented By Charles Leaver Ziften CEO
Experian Have to Learn from Past Errors And Implement A Constant Monitoring System
Working in the security industry, I have actually constantly felt my work was hard to explain to the typical person. Over the last few years, that has actually altered. Sadly, we are seeing a new data breach revealed every couple of weeks, with a lot more that are kept private. These breaches are getting front page attention, and I can now discuss to my friends what I do without losing them after a couple of sentences. Nevertheless, I still question what it is we’re learning from all this. As it ends up, lots of companies are not learning from their own mistakes.
Experian, the international credit reporting firm, is a company with a lot to learn. Several months ago Experian revealed it had found its servers had been breached and customer data had actually been taken. When Experian revealed the breach they reassured consumers that “our consumer credit database was not accessed in this incident, and no credit card or banking information was obtained.” Although Experian took the time in their statement to reassure their consumers that their financial info had not been stolen, they further elaborated on what data in fact was stolen: consumers’ names, addresses, Social Security numbers, birth dates, driver’s license numbers, military ID numbers, passport numbers, and additional details utilized in T- Mobile’s own credit assessment. This is frightening for two reasons: the first is the type of data that was taken; the 2nd is that this isn’t really the very first time this has taken place to Experian.
Although the hackers didn’t walk away with “credit card or banking details” they did leave with individual data that could be exploited to open new credit card, banking, and other monetary accounts. This in itself is a reason the T-Mobile consumers involved ought to be concerned. However, all Experian clients need to be a little nervous.
As it turns out, this isn’t the very first time the Experian servers have actually been compromised by cyber attackers. In early 2014, T-Mobile had announced that a “reasonably small” number of their clients had their personal details stolen when Experian’s servers were breached. Brian Krebs has an extremely well-written blog post about how the hackers breached the Experian servers the very first time, so we won’t get into excessive detail here. In the first breach of Experian’s servers, hackers had made use of a vulnerability in the company’s support ticket system that was left exposed without initially requiring a user to validate before utilizing it. Now to the frightening part: although it has become extensively known that the cyber attackers utilized a vulnerability in the company’s support ticket system to gain access, it wasn’t up until not long after the second hack that their support ticket system was closed down.
It would be difficult to believe that it was a coincidence that Experian decided to take down their support ticket system mere weeks after they announced they had been breached. If this wasn’t a coincidence, then let’s ask: what did Experian learn from the first breach where clients got away with sensitive client data? Companies who store their customers’ sensitive details need to be held responsible to not just protect their consumers’ data, but if likewise to make sure that if breached they patch the holes that are discovered while examining the cyber attack.
When businesses are examining a breach (or potential breach) it is necessary that they have access to historic data so those investigating can try to piece back together the puzzle of how the cyber attack unfolded. At Ziften, we supply a service that allows our clients to have a constant, real time view of the whole picture that occurs in their environment. In addition to providing real time visibility for discovering attacks as they take place, our constant monitoring solution records all historic data to allow consumers to “rewind the tape” and piece together what had happened in their environment, despite how far back they have to look. With this new visibility, it is now possible to not only discover that a breach happened, but to also discover why a breach occurred, and hopefully learn from past mistakes to keep them from taking place once again.