data breach, IT Security
Leave a Comment

Another Breach??

written by Chad F Walter

http://www.cnn.com/2014/11/10/politics/postal-service-security-breach/index.html

“The intrusion is limited in scope…”.

How can access to and possible theft of “personal identifying information of the 750,000 employees and retirees which includes birth dates, addresses and employment codes used in the Postal Service’s payroll systems”, plus 2.9 million customer records, be even remotely considered an intrusion of limited scope?

As we recently witnessed in the JPMorgan Chase breach, it’s pure marketing fodder.

In reality, this is huge in scope and, based on early reports, the information accessed and potentially stolen could have an unlimited impact on USPS employees and customers, for years to come. No, I don’t wish to see an outbreak of panic, but perhaps a little panic is required for IT security to be taken seriously.

The 2.9 million customer records that were apparently accessed contained names, addresses, phone numbers and emails.

USPS Data Breach 2014

I often argue that this information is far more valuable than bank account or credit card numbers. Account numbers can quickly be changed and monitored for investigative purposes. On the other hand, have you ever known someone to move, or change a phone number? Or even change their email because of a cyber breach? That personal information is exactly what is needed to launch massive social engineering campaigns beyond “My associate, the exiled former Nigerian President needs your help…”.

Such detailed, personal information has a shelf life lasting years beyond the initial breach.

It’s imperative to point out that there is also a legitimate market for such data. Consequently, these details are gold to legal list companies who either sell the list to sales organizations, or not-for-profits; even political campaigns. The criminals who stole this information have the potential to make quite a lot of money outside of the black and grey markets.

This entry was posted in: data breach, IT Security

by

Our mission is to produce, configure and maintain effective, affordable, computer security systems to protect the computer systems of enterprises of all sizes. We believe that all companies, regardless of size, should be afforded the same level of protection.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s