By Tuan Nguyen
A recent security breach at Honda allowed thieves to gain access to personal information belonging to millions of people. Can big companies keep your personal info safe?
A recent security breach at Honda Motor Company allowed thieves to gain access to personal information belonging to millions of people.
While no one's financial information or social security number was stolen, the hackers did collect e-mail addresses and Vehicle Identification Numbers belonging to 2.2 million car owners, the Columbus Dispatch reports.
The concern is that the cybercriminals can use the information to send out e-mails and trick customers into clicking on malicious sites.
This latest incident is just another example of the rising threat that cybercriminals pose to large companies that maintain massive databases of customer information. But in a less obvious way, the trend also exposes some flaws in the way large companies and other institutions safeguard such information.
Over the past year, large corporations such as McDonald's, Citibank and Walgreens have had their customer databases breached by clever, tech-savvy crooks. In August, the social security numbers, grades and other private information of 40,000 former University of Hawaii students were made public. An employee who had been using the data to conduct internal research inadvertently kept the information on an unencrypted server.
Since 2008, more than 2.3 million college records have been compromised, according to a report by Application Security Inc., a database security company.
For the University of Hawaii, it was the third time it has had a major foul-up of this sort over the course of a year. And each time, the school reassured the public that it would work harder to improve its data systems, according to a news report by the Associated Press.
With Honda, as is the case with many large companies, the private data was managed by a third-party vendor. Graham Cluley, a senior technology consultant at the security software and hardware company Sophos, noted that the practice of outsourcing the responsibility of managing and protecting customer data comes with certain risks. On Sophos' website he writes:
"There's an important lesson that more companies can learn from cases like this. You don't just need to ensure that you are taking enough care about the security and protection of the private customer data you store - you also need your partners and third-party vendors to follow equally stringent best practices.
"It may not be your company who is directly hacked, but it can still be your customers' data that ends up exposed, and your brand name that is tarnished."
No security system is perfect. And as long as we live in a technologically managed world, large-scale security breaches will happen from time to time. But taking a closer look at the flaws in a security system just might prevent the ones that can be prevented.
Jan 3, 2011
...but small ones, like your doctor's office. Usually these are places with little to no IT oversight or expertise on staff to keep technology or processes secure.
Seems as if no company really cares to protect customer information, or they just are not capable. You would think that this is a business opportunity for someone to start some sort of "Info Safe" company whose primary business is to protect data in the "cloud";
If you want to close the gaping holes in corporate information systems, then you need to present C-level managers and above with real-world risks ($$$) for losing confidential data. They are aware of threats, but nothing provides an incentive for taking corrective/mitigating actions like the threat of monetary loss when you screw up. Pass a few regulations that kick them in the shins when they lose data, and they will spend time and money implementing measures that will minimize the threat of losing data, which they don't own.