Written By Josh Applebaum And Presented By Charles Leaver Ziften CEO
Experian Have to Learn from Mistakes Of The Past And Implement A Continuous Monitoring Solution
Operating in the security industry, I have actually constantly felt my job was hard to explain to the average individual. Over the last few years, that has changed. Regrettably, we are seeing a new data breach announced every few weeks, with much more that are kept secret. These breaches are getting front page headlines, and I can now describe to my friends what I do without losing them after a few sentences. However, I still question exactly what it is we’re learning from all this. As it turns out, lots of companies are not learning from their own errors.
Experian, the international credit reporting firm, is a company with a lot to learn. Numerous months ago Experian revealed it had discovered its servers had actually been breached and that consumer data had been taken. When Experian announced the breach they reassured customers that “our consumer credit database was not accessed in this event, and no payment card or banking information was taken.” Although Experian put in the time in their statement to reassure their clients that their financial details had actually not been stolen, they further elaborated on what data really was stolen: customers’ names, addresses, Social Security numbers, date of birth, driver’s license numbers, military ID numbers, passport numbers, and additional information used in T- Mobile’s own credit assessment. This is scary for 2 reasons: the very first is the type of data that was stolen; the 2nd is the fact that this isn’t the very first time this has actually occurred to Experian.
Although the hackers didn’t leave with “payment card or banking details” they did leave with individual data that could be exploited to open brand-new charge card, banking, and other financial accounts. This in itself is a factor the T-Mobile clients included need to be concerned. However, all Experian customers should be a little nervous.
As it turns out, this isn’t the very first time the Experian servers have been compromised by cyber attackers. In early 2014, T-Mobile had actually revealed that a “relatively small” number of their consumers had their individual information stolen when Experian’s servers were breached. Brian Krebs has a really well-written post about how the hackers breached the Experian servers the very first time, so we won’t enter into too much detail here. In the first breach of Experian’s servers, hackers had actually exploited a vulnerability in the organization’s support ticket system that was left exposed without first requiring a user to verify before using it. Now to the scary part: although it has actually ended up being extensively known that the hackers made use of a vulnerability in the company’s support ticket system to provide access, it wasn’t up until not long after the 2nd hack that their support ticket system was shut down.
It would be difficult to imagine that it was a coincidence that Experian chose to close down their support ticket system just weeks after they announced they had been breached. If this wasn’t a coincidence, then let’s ask: what did Experian find out from the first breach where consumers got away with delicate consumer data? Companies who store their customers’ delicate info must be held accountable to not only secure their consumers’ data, but if likewise to ensure that if breached they plug up the holes that are found while examining the cyber attack.
When businesses are examining a breach (or prospective breach) it is crucial that they have access to historical data so investigators can try to piece back together the puzzle of how the attack unfolded. At Ziften, we offer a system that enables our customers to have a constant, real-time view of everything that takes place in their environment. In addition to offering real time visibility for discovering attacks as they occur, our continuous monitoring system records all historical data to allow customers to “rewind the tape” and piece together what had taken place in their environment, no matter how far back they need to look. With this brand-new visibility, it is now possible to not just learn that a breach occurred, but to also discover why a breach occurred, and ideally learn from previous errors to keep them from occurring again.