Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
Posted By: IT Wiser
When Data Breaches Are Just Too Easy
Most of the time it takes a pretty sophisticated attack to get into secure computers for the purposes of pulling off a data breach. Yet that is not always the case. Sometimes companies or organisations make it far too easy. Such is the case with a company that works with the Driver and Vehicle Licensing Agency (DVLA) to manage parking ticket collection and processing. Apparently, the company's network has a back door link that, when followed, gives anyone access to years’ worth of data.
According to Yahoo! News, a private parking company inadvertently sent the link to a motorist hoping to pay parking fines online. The motorist sent the link to a consumer activist who then published it on Twitter. Finally, Sky News picked up the link and discovered they instantly had access to all sorts of data. They were able to see drivers’ names and addresses along with other information that is only supposed to be available to police and law enforcement organisations. Even more alarming is the fact that they were able to access e-mail communications between the agency and motorists appealing their fines.
PaymyPCN.net, the company that was inadvertently hacked by the back door link, says it takes customer security very seriously. Officials say the data entered into their servers by consumers paying their fines is protected by encryption. Nonetheless, following the link gave Sky News free access to a lot of potentially damaging information.
This is no small problem in light of the fact that the breached data directly affects more than 10,000 drivers. The information contained in DVLA records is sufficient to steal anyone's identity easily with very little effort. This is one data breach that was just too easy; it is one that never should have happened.Carelessness or Ignorance
Officials at PaymyPCN.net and the DVLA should now be asking whether the data breach was a matter of carelessness or ignorance. If it was carelessness, corrective action should be taken against those who allowed it to happen. If it is a case of ignorance, perhaps both organisations need internal and external security audits to figure out what their vulnerabilities are. Audits are designed to expose weaknesses within networks in order to prevent these kinds of attacks.
Here at IT Wiser, security audits are just one of the services we offer our clients. Our external audits look at web hosting companies, third-party vendors and others outside of the client network that could be exposing them to cyber-attacks. Internal audits examine the details of the local area network to uncover potential vulnerabilities. The combination of both audits goes a long way toward making a network highly secure.
Your business is too important to be put at risk by a potential data breach. We urge you not to take network security for granted under any circumstances. You may not be making a data breach as easy as PaymyPCN.net, but the modern hacker is far too sophisticated to rely solely on links published on Twitter. Today's hacker knows how to break into even the most secure networks without much assistance. You need regular audits to keep your network secure.