Here is a funny statement:
"Experian stored users’ Social Security numbers and ID numbers in “encrypted fields,” but admits in that “Experian has determined that this
encryption may have been compromised.”
So, the company that we entrust our Credit History and personal information has implemented encryption but not in a secure way.
So, Let's remember:
Encryption is NOT EQUAL to SECURITY.
It is just a technology so, it can help security but does not become security.
We still need proper Design, Implementation and processes in place to get (one layer) of security.
Defense in Depth is the key.
From the Article:
News broke last night however that any customers who applied for a credit check for service or device-financing over the last few years may have had their information compromised in the breach.
Specifically, information stored on a server at one of Experian’s business units pertaining to T-Mobile USA customers from Sept. 1, 2013 to Sept. 16, 2015 appears to have been accessed.
Several years ago the credit agency indirectly sold a cache of consumer information to a Vietnamese national, Hieu Minh Ngo after he maintained he was a private investigator. Ngo essentially got access to a database of social security numbers for some 200 million Americans and then sold that information via identity theft websites.
For more info:
No comments:
Post a Comment