All Customer Data Is Valuable to Hackers
In November UK based postcard-sending service company Touchnote reported to its customers that its systems had been breached resulting in the theft of some customer data. In reporting the incident, the company pointed out that passwords are not stored as text, and, that only the last four digits of customers’ payment card numbers are saved. Thus, full credit and debit card numbers, expiration dates, and security codes are not at risk from this attack. However, the company’s investigation did reveal that that the hackers had managed to steal names, email addresses, postal addresses, order history and some dates of birth.
While the stolen information cannot, by itself, be used to execute financial transactions, it is important to note how the data could be used by criminals to trick victims into handing over more sensitive information. In response to this threat the company is advising its customers that any legitimate emails will never ask recipients to provide such private information.
Interviewed in SecurityWeek about this breach, Mark Bower, global director of product management for HPE Security, reminded: “There’s simply no excuse today not to follow best practices of encrypting all sensitive personal and financial data as it enters a system, at rest, in use and in motion. The ability to render data useless if lost or stolen, through data-centric encryption, is an essential benefit to ensure data remains secure.”
We agree with the point emphasized here that businesses need to think about protecting all personal information about their customers such as name, address, phone number and email address. Criminals can use this information to open bogus accounts or sell it for use in more targeted larger-scale phishing or identity theft attacks.
It is with this goal in mind that we are helping our customers address the increased risk of malicious or accidental leakage of sensitive business-critical as well as personal customer data across their network including cloud storage.
Implementing an appropriate Data Loss Prevention solution can assist in security by enabling visibility to sensitive information and helping enforce the organization’s information governance rules for handling this data as it is stored or moves within the organization.
Cyberattacks will try to steal enterprise data, intellectual property and employee or customer personal data. Hackers are always looking for a way to exploit information in any way that they can profit from in any way.