From the Blogosphere
Living Social’s Data Breach
The Importance of Encrypting or Tokenizing Personally Identifiable Information
By: Gerry Grealish
May. 9, 2013 04:00 PM
Living Social, the popular online discount site, recently experienced a cyber-attack affecting more than 50 million of their customers. Users with a Living Social account received an email explaining the data breach, which included hackers accessing customer user names, email addresses, birth dates and passwords.
In the email to customers, Living Social asked many users to change their password immediately. While the passwords were encrypted, Living Social Chief Executive Tim O'Shaughnessy wrote "We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s)."
Unfortunately, the other compromised personally identifiable information (PII) - user names, emails addresses and birth dates - was not encrypted, putting the personal data of millions of Living Social customers into the hands of cybercriminals. The dollar value associated with PII and the potential to use this information to commit identify theft and other online fraud has made these types of attacks more common. This may appear to be just another in a string of recent incidents where high-profile companies such as Apple and Twitter, those with significant amounts of sensitive customer data, came under attack by hackers. But, Living Social's upfront handling of the attack can serve as a forewarning for other companies holding large amount of customer PII.
These security breaches help demonstrate the importance of organizations taking the extra security step of encrypting all PII collected and held when working with customers. If and when a cyber-attack occurs (which we are seeing is seemingly inevitable for online companies), strongly encrypting or tokenizing all data fields would render all sensitive customer data (not just passwords) useless to hackers. This gives an enterprise and its customers confidence to conduct business online and share information without concerns of security attacks. It also helps protect the company from the liabilities and issues associated with these compromises should they occur.
PerspecSys Inc. is a leading provider of cloud data security and SaaS security solutions that remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies who rely on cloud compliance by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. Based in Toronto, PerspecSys Inc. is a privately held company backed by investors that include Intel Capital and GrowthWorks.
Reader Feedback: Page 1 of 1
Latest Cloud Developer Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week