Chuck Leaver – Past Mistakes Mean That Experian Should Learn And Implement Continuous Monitoring

Written By Josh Applebaum And Presented By Charles Leaver Ziften CEO

Experian Needs To Learn From Mistakes Of The Past And Implement A Constant Monitoring Service

Working in the security sector, I’ve always felt my work was hard to explain to the average person. Over the last couple of years, that has changed. Sadly, we are seeing a new data breach revealed every couple of weeks, with many more that are kept private. These breaches are getting front page headlines, and I can now explain to my friends exactly what I do without losing them after a few sentences. Nevertheless, I still question what it is we’re gaining from all of this. As it turns out, many businesses are not learning from their own errors.

Experian, the international credit reporting company, is a company with a lot to learn. A number of months ago Experian revealed it had discovered that its servers had been breached and client data had been stolen. When Experian announced the breach, it assured clients that “our consumer credit database was not accessed in this breach, and no payment card or banking information was obtained.” Although Experian took the time in its statement to assure customers that their financial details had not been stolen, it went on to describe what data was in fact stolen: consumers’ names, addresses, Social Security numbers, birth dates, driving license numbers, military ID numbers, passport numbers, and extra information used in T-Mobile’s own credit assessment. This is frightening for two reasons: the first is the type of data that was taken; the second is the fact that this isn’t the first time this has happened to Experian.

Although the hackers didn’t walk away with “credit card or banking info”, they did walk away with personal data that could be exploited to open new payment card, banking, and other financial accounts. This in itself is a reason the T-Mobile customers involved should be concerned. Nevertheless, all Experian consumers should be a little nervous.

As it turns out, this isn’t the first time the Experian servers have been compromised by hackers. In early 2014, T-Mobile revealed that a “reasonably small” number of its consumers had their personal details stolen when Experian’s servers were breached. Brian Krebs has a really well-written blog post about how the hackers breached the Experian servers the first time, so we won’t get into too much detail here. In the first breach of Experian’s servers, hackers made use of a vulnerability in the company’s support ticket system, which was left exposed without requiring a user to authenticate before using it. Now to the frightening part: although it has become commonly known that the hackers used a vulnerability in the organization’s support ticket system to gain access, it wasn’t until shortly after the second hack that the support ticket system was shut down.

It would be hard to imagine that it was a coincidence that Experian chose to take down its support ticket system just weeks after it announced it had been breached. If this wasn’t a coincidence, then let’s ask: what did Experian learn from the first breach, where hackers got away with sensitive consumer data? Companies that store their consumers’ sensitive information must be held accountable not just to secure their clients’ data, but also to ensure that, if breached, they patch the holes that are discovered while investigating the cyber attack.

When companies are investigating a breach (or potential breach), it is imperative that they have access to historic data so those investigating can try to piece together the puzzle of how the attack unfolded. At Ziften, we provide a system that gives our customers a constant, real time view of everything that occurs in their environment. In addition to supplying real time visibility for identifying attacks as they happen, our continuous monitoring system records all historic data so that customers can “rewind the tape” and piece together exactly what happened in their environment, regardless of how far back they need to look. With this new visibility, it is now possible not only to discover that a breach occurred, but also to learn why it occurred, and ideally to learn from past mistakes to keep them from happening again.

