Thursday, December 5, 2019

Computer Security Breach Took Place At Experian or T-Mobile

Question: Discuss about the Computer Security Breach Took Place During September-December 2015- At Experian or T-Mobile. Answer: Introduction Digitalization and technological advancement has occurred at such a pace that it has become difficult for the companies to fight against the ever increasing hacks, simply because with each advancement, the kind as well as the number of hackers has also increased. One of the most stunning and shocking security breach that occurred in October 2015 was when Experian, announced that a business unit of it has been attacked. The contravention is said to have happened on a server which stores personal information of about 15 million customers and applicants of USA on behalf of one of its clientele T-mobile. The hack has happened of both new applicants as well as those applicants whose credit check was yet to be done for the services or financing of the device for the three year period of 2013 to 2015 (Cheng,2015). On investigation it has been concluded that data such as names, addresses, phone numbers, date of birth and some of the encrypted fields such as the Social Security number and the ID numbers which were mentioned in the passports and the driving licenses of the applicants were hacked by the attackers. Assessment Of The Issue On analyzing the said hack, it is understood that the main focus of these hackers were to attack a particular server of Experian that had stored the crucial and confidential information of T-mobile customers and the server which was used to safeguard the information of those customers whose credit corroboration for the two year period September 2013 to September 2015 was to be conducted. The time of occurrence of the said hack was very small and the occurrence of the malafide attack happened within closed doors. Here the hackers focused their entire vision only on attacking the T-mobile data stored server and nothing else (Chabrow,2015). Sources have revealed that Experians Decision Analysis credit information support portal allows entry without any pass-codes to every individual, who are authorized to upload haphazard file attachments of various types without any restrictions and also authentication with regards the creditability of the file being uploaded. It is this accessibility which had given the attackers a prospect to instill malafide and spiteful attachments within the main server. These infused files and attachments caused T-mobile suffer the attack of leakage of confidential data of its consumers (Pagilery,2015). The CEO of T-Mobile took a very wise decision of protecting the customers whose data had been compromised and post the same deal with the security glitches that were present within the Experians network. It has compromised upon the goodwill of both T-mobile as well as Experian. However, T-Mobile has made all efforts to put the blame on Experian alone on whom they had believed and the fact the mobile company is very stringent with regards privacy policies (Larson,2015). But it was very important for T-mobile to counter check the past reputation and experience of Experian in the said task of storing confidential data securely. Solutions To Prevent Such Hacks However there lie various solutions which would help to protect the occurrence of such attacks in future. Some of it are that the entities whose job is to store such private information of other companies should have an upgraded system installed with adequate firewalls so that such a kind of hack can be detected well on time and necessary action be taken before much loss as it is a loss of three entities, the one who is storing the data, the one who is giving its data to be stored as well as the customers whose data have been compromised (Thielman, 2015). Experian should revisit its present practice of safeguarding data and instill stringent and stricter encryption technologies, double validation while entering any data base by the clienteles as we as the staff members, server virtualization should be buoyant and opportune scrutinizing of the system so that such infringements can be prohibited in the upcoming years (Allan, 2015). However, Experian has disclosed that the banking related data has not been leaked and that they are all safe. The company is also sending a written intimation to all the customers who are probably been infected by the attack thus extending them a no cost credit examining service for twenty four months. Warning bells have already been rang into the ears of the consumers so that if they notice any such unusual emails and similar interactions from sources which are not known to them, then the same should be ignored (Finkle,2015). Home Depot 2014- Data Security Breach 2014 is construed to be a year with many severe cyber attacks and security breaches of which some are JP Morgan Chase and Home Depot. The case study being discussed here is that of Home Depot which if not the biggest but is concluded to be one of the biggest breaches. On 8th September 2014, Home Depot declared that its payments card system had been hacked. However the investigation had started on the 2nd September and the company was still trying to analyze the level of impact and the depth of the contravention. As much as 56 million credit card details were stolen that covered a six month period from April to September 2014 (krebsonsecurity.com. 2014). This retail breach has outgrown the Targets breach of 40 million card violation. However as per the company officials, it was a very unusual kind of malware which was infected within the companys system. Assessment Of The Main Issue The main issue that was understood on the said case being investigated was the installation of such a malware which was uncommon and newer to all. After Target hack, companies had undertaken measures to safeguard their data but this malware was something different. Here the main issue was that the attacker utilized a vendors user name and password to enter the system of the network and injected a customized malware to get hold of the credit card details of the various shoppers. Thus here the main issue was the leakage of the vendors security information which led to the attack (Pagliery, 2014). The company failed to learn a lesson from the data breach of Target which had occurred in the near past and continued to use the old methodology of magstripes. Thus it can be said that the main problem here was that the usual way of installing the malware into the self check out registers were not adopted instead the same was specifically formulated in such a manner which would first and formo st elude the already installed firewall. Therefore the said attack cannot be compared to the previous retail attacks as the company had taken precautions to protect itself after the Target breach but was unaware of the fact that the hackers could think of such a different way out to hack as well. Who Were Affected And How The hack had led to stealing of 56 million customers credit card data thus impacting the banking credentials. The attackers, hacked the data of those transactions that took place between April to September 2014. The main attack has been done to the U.S. and the Canada stores of Home Depot. It was understood that the stealers were taking away the card data from the cash registers of Home Depot till 7th September,2014. The company was also equally hit by the said breach as it had hit their reputation and also led to a huge financial loss. The violation led to disruption of the normal business operations and the cost involved would be somewhere around $560 million. Home Depot had lost many of its consumers to the competitors. However, due to the duopoly kind of a market structure in which Home Depot operates, it is estimated that the company would not loose out on much revenue. One of the reasons behind the same is that the company will continue to gain in the benefits of an upbeat US e conomy and housing market. The impact that it has had is due to the lawsuits being filed by customers on them along with the claims being made by the customers for returning their lost money. Home Depot is expected to spend an amount of $3 billion due to the said fraud (forbes.com. 2015). Apart from the impact the said attack as had on the company, it has also impacted those customers whose data has been compromised. They are now scared as to the level of breach and how their credit and debit cards details would be misutilized. They would be unaware of the misutilization until and unless occurrence of the instances. Unfortunately, even if the customers were also affected yet the have no other choice but to visit the Home depot outlets only for buying home improvement goods. However, the only issue is that they have become too wary with regards the usage of cards therefore it has posed a big problem in case of huge purchases (Stempel, 2016). Another major way in which the said hack has impacted the customers is that hackers have got the accessibility to alter the PIN numbers and thus make withdrawals. They have been also selling these stolen data and the personal information of these card holders to the criminal websites internationally. How Was The Attack Carried Out The hack was carried out in a very different manner wherein the attackers had not the usual method of attacking. It is construed that they had used the point of sale (POS) malware to get inside the card terminal of Home Depot. The malware named FrameworkPOS is said to be somewhat similar to BlackPOS. The said malware targets the POS terminals with the help of a Windows operating system. US is found to be more prone to such credit card hacks simply because it is dependent upon such payment terminals that scan the magnetic stripe on the back of the card which gives a way to copy the data to the malware that gets injected within the system. Thus in this case the malware was specifically designed for attacking the Home Depot terminals due to which it could not be found by the age old anti-viruses installed (Smith, 2014). How The Attack Would Have Been Prevented The company had installed Symantec Endpoint Protection which is an anti-virus but had not activated the Network Threat Protection system. Had the same been activated then it would have been able to prevent various intrusions into the systems. Further had the company installed Point to Point encryption technology then it would have encrypted the data during the swipe as well as in the memory. Also very surprising was the kind of operating system being used by Home Depot. Windows XP is the most vulnerable to attacks. Thus upgrading the same to the latest version with adequate safeguards and firewalls would have also helped to safeguard the attack (Hawkins 2015). The segregation and divorce of the POS network from the rest of the corporate network is also one of the most sought after methods of preventing such attacks. Lastly, Home Depot suffered also due to a bad management of the third party vendor credentials. The attackers entered via a specific vendor id and password. Thus they should introduce an identity and access management solution which would help to take care of the identities and access of all the third party vendors as well. Thus the theft could have been prevented here in this case had the system been upgraded and the vendor credentials safeguarded well. Conclusion On a concluding note, it can be construed that due to the non-availability of a good system installed by Experian within their organization, the hack occurred. Had the same was protected well, then such a mishap would not have occurred. Further, even T-mobile is at fault as they had blind folded trusted Experian even when it is a well known fact that Experian had been always a party of such negligence in the past as well. Experian has earlier also had such unprotected systems installed. Therefore, T-mobile should take stringent actions against Experian so that such an occurrence can be prevented. References: forbes.com. (2015). Home Depot: Will The Impact Of The Data Breach Be Significant? Retrieved from https://www.forbes.com/sites/greatspeculations/2015/03/30/home-depot-will-the-impact-of-the-data-breach-be-significant/#2b2a04f74bf1 Hawkins,B. (2015). Case Study: the Home Depot Data Breach. Retrieved from https://www.sans.org/reading-room/whitepapers/casestudies/case-study-home-depot-data-breach-36367 krebsonsecurity.com. (2014). Home Depot: 56M Card Impacted, Malware Contained. Retrieved from https://krebsonsecurity.com/2014/09/home-depot-56m-cards-impacted-malware-contained/ Pagliery, J. (2014). Home Depot confirms months- long hack. Retrieved from https://money.cnn.com/2014/09/08/technology/security/home-depot-breach/ Stempel,J. (2016). Home Depot settles consumer lawsuit over Big 2014 data breach. Retrieved from https://www.reuters.com/article/us-home-depot-breach-settlement-idUSKCN0WA24Z Smith,G. (2014). Home Depot Admits 56 Million Payment Cards At Risk After Cyber Attack. Retrieved from https://www.huffingtonpost.in/entry/home-depot-hack_n_5845378 References: Allan,P. (2015). Experian Hacked, T-mobile Credit Applicant Data Stolen [Updated]. Retrieved from https://lifehacker.com/experian-hacked-t-mobile-customer-data-stolen-1734117798 Chabrow,E. (2015). Experian Hacks slams T-Mobile Customers. Retrieved from https://www.bankinfosecurity.com/experian-breach-a-8563 Cheng,R. (2015). Data-breach hits roughly 15M T-Mobile customers, applicants. Retrieved from https://www.cnet.com/news/data-breach-snags-data-from-15m-t-mobile-customers/ Finkle,J. (2015). Millions of T-Mobile customers exposed in Experian Breach. Retrieved from https://www.reuters.com/article/us-tmobile-dataprotection-idUSKCN0RV5PL20151002 Larson,R. (2015). T-mobile, Experian Sued Over Data Hack Affecting 15 Million. Retrieved from https://www.bloomberg.com/news/articles/2015-10-07/t-mobile-experian-sued-over-hack-on-15-million-customers Pagilery,J. (2015). T-Mobile customers info breached after Experian hack. Retrieved from https://money.cnn.com/2015/10/01/technology/tmobile-experian-data-breach/ Thielman,S. (2015). Experian hack exposes 15 million peoples personal information. Retrieved from https://www.theguardian.com/business/2015/oct/01/experian-hack-t-mobile-credit-checks-personal-information REFERENCES: forbes.com. (2015). Home Depot: Will The Impact Of The Data Breach Be Significant? Retrieved from https://www.forbes.com/sites/greatspeculations/2015/03/30/home-depot-will-the-impact-of-the-data-breach-be-significant/#2b2a04f74bf1 Hawkins,B. (2015). Case Study: the Home Depot Data Breach. Retrieved from https://www.sans.org/reading-room/whitepapers/casestudies/case-study-home-depot-data-breach-36367 krebsonsecurity.com. (2014). Home Depot: 56M Card Impacted, Malware Contained. Retrieved from https://krebsonsecurity.com/2014/09/home-depot-56m-cards-impacted-malware-contained/ Pagliery, J. (2014). Home Depot confirms months- long hack. Retrieved from https://money.cnn.com/2014/09/08/technology/security/home-depot-breach/ Stempel,J. (2016). Home Depot settles consumer lawsuit over Big 2014 data breach. Retrieved from https://www.reuters.com/article/us-home-depot-breach-settlement-idUSKCN0WA24Z Smith,G. (2014). Home Depot Admits 56 Million Payment Cards At Risk After Cyber Attack. Retrieved from https://www.huffingtonpost.in/entry/home-depot-hack_n_5845378

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.