Another Day, Another Hack: Changing Our Perspective on Security Breaches

As we see the headlines almost weekly it sometimes seems, we have all become somewhat immune to hearing about hackers in the news: another credit card company, bank or department store suffers a breach, and we go on with our day. However, those of us working in the security field are more “in tune” because of the work that we do and the sensitive data we protect. But even for us, it sometimes takes something more invasive, frightening and personal to rise above the noise.

Because I hold a Federal Government Top Secret Clearance, the Office of Personnel Management (OPM) knows a lot about many of the personal details of my life. The information one has to share in an application for a clearance is extremely in-depth; it includes financial and medical information as well as the names and addresses of family members and friends.

So you can imagine the shock I felt recently, when I was notified that my data was part of one of two OPM breaches, and that my information is now in the hands of… well, who knows? I have heard people who suffered from robberies in their homes say the worst thing the thief took was their peace of mind. I can understand that, because I too feel violated. To have shared that level of personal information with an FBI investigator was difficult enough; to have the entity charged with protecting it fail, and knowing that someone, somewhere has information about me and many aspects of my life is fear inducing on a level that is hard to describe.

In addition to the breaches at OPM, of which I am intimately familiar, a recent hack at VTech Toys shook our society when it became the fourth largest consumer data breach to date. Here is a chilling excerpt about the hack taken from an article in PC Magazine:

The hacker, whose identity was not revealed, said he or she was able to collect conversations and headshots from the company’s Kid Connect service, which allows parents and kids to chat via a smartphone app and VTech tablet. The oldest logs were dated from the end of 2014; the most recent came from last month.

A Nov. 14 hack of the Learning Lodge database exposed names, email addresses, passwords, home addresses, and download histories of 4.8 million adults who purchased products online. The first names, genders, and birthdays of more than 200,000 kids were also exposed. VTech’s customer index does not contain credit card information.

Speaking with PC Mag via encrypted chat, the hacker shared a sample of more than 3,830 image files, none of which he or she intends to publish or sell. “Frankly, it makes me sick that I was able to get all this stuff,” the hacker said. “VTech should have the book thrown at them.”

In this case, the hacker used the attack to prove a point; maybe in the long run, this incident will become a Tipping Point. Maybe the manufacturers of these toys will implement the level of security that should have been in place before the first internet-connected toy rolled out the door.

After all, security should never be an afterthought. Whether we are protecting personally identifiable information, protected health information, financial information, or the birthdays and pictures of our children, security needs to be foremost in everyone’s minds. Complain all you want about passwords and pins and security questions–they are there to protect you. Perhaps now that someone has stolen pictures and birthdays of so many of our children, and chat sessions between parents and their kids, more security measures will be mandated, and the penalties for not implementing them will be stiff enough to get even the most jaded business decision makers to take security seriously.

For more information on Reclamere and our services, contact us today.