Telefonica hit by data breach possibly exposing full customer data
NEWS: El Espanol claimed that the breach left identity and payment information vulnerable and was similar to a serious failure that hit Spain’s LexNET system, which serves the legal profession, in July 2017, leaving personal data accessible to intruders without a high level of technical skill.
“This sort of data exposure is why so many organizations who transact with customers online – from the banking and finance sector to eCom and major retailers – are layering in advanced security solutions, such as passive biometrics and behavioral analytics. In doing so, they’re shifting from ‘let’s make our company a bunker for everyone’ to ‘let’s leave the bunker for risky users only.’ They do so by using technology that doesn’t rely on data that could have been exposed in a breach, thus preventing post-breach damage.
“For years now, many top merchants and financial institutions have incorporated passive and active biometrics and behavioral analytics to verify customer identities online. By analyzing hundreds of indicators derived from the user’s online behavior, companies don’t have to rely on passwords, payment data, and other leaked information to make an authentication decision. By removing the organization’s reliance on ‘things users know’, companies are far less vulnerable to the data exposed by leaks and breaches.
“Passive biometrics technology cannot be mimicked by hackers, and helps break the chain of perpetual fraud that grows whenever customer data is breached and stolen.”
Ryan Wilk, Vice President of Customer Success, NuData Security, a Mastercard company
“A major breach potentially impacts millions of the clients of Telefonica, a global top 10 telecommunications company with over $53 billion in revenue. Telefonica cannot at present ascertain the potential impact – that will take time to understand. Surprisingly, the Telefonica customer data was easily downloadable as an unencrypted spreadsheet. Moral of the story? Cyber attackers will get into any network sooner or later. End-to-end encryption would have provided safe harbor for Telefonica if they used it to protect the data. With encryption there would be no breach to report under GDPR, as stolen encrypted data would be unusable. Now that GDPR is in effect, the Telefonica customer notifications and follow-up must be done in a compliant, and potentially expensive, way. Finally, this breach, as do any others that happen in the E.U. today, now presents the risk of an unknown and potentially expensive GDPR audit.”
Pravin Kothari, Founder and CEO of cloud security provider CipherCloud