Identity Matters - August 2024
What happened in the world of Identity in August?

Identity Matters - August 2024

The Social Security data breach. This cyber incident against National Public Data (NPD), a private Floridian personal information aggregator, might shape up to be the single most catastrophic data breach of all time. With potentially millions of United States, United Kingdom, and Canadian citizens listed as the victims of critical credential theft, the scope of the attack is still not fully understood. Now is the time to step back, stay calm, and objectively assess the facts as they come in. Get up to date on how such an event could take place, its ramifications, how to protect your own data, and take action to protect yourself and your information in the face of this sobering disaster.?

Because Identity Matters.?

Industry Highlights?

National Public Data Confirms Massive Breach?

In the wake of the NPD data breach, experts and victims alike are trying to piece together a timeline. The first public alert about the incident came from an independent cybersecurity company, Hackmanac , on April 8, 2024. The breached database was reported to exceed 4 TB for a purported 2 BN+ identities. NPD finally acknowledged the veracity of this breach report in August, admitting that they had been targeted since late 2023 and had been confirmed compromised in April. Controversially, not only did the company not make the affected parties aware of the breach in a timely manner but have offered no support for safeguarding the victims against potential identity theft resulting from the incident.?

Get Jai Vijayan 's analysis on the incident from Dark Reading here .?

National Public Data breach update: Lawsuits pile up against Florida-based background check company after ‘security incident’?

Following the public disclosure of the NPD breach, the company has become inundated by a series of class-action lawsuits. As of August 21st, more than 14 cases have been filed against NPD’s parent company, Jerico Pictures. Besides the sheer scope of the breach, several factors are coloring the charges levied against the company. Foremost?among them is the nature of NPD’s date collection methods, scraping non-public sources without the consent of the affected parties, potentially violating General Data Protection Regulation (GDPR) for UK residents. Additionally, writer Sam Becker notes that these accusations of negligence could escalate into criminal proceedings and may open the door to landmark rulings concerning digital data collection.?

Get more information from FastCompany about the legal developments of the NPD breach here ?

Examining the National Public Data Breach and Risks for Data Brokers?

Between the large-scale effect of this breach and the mounting legal action taken against Jerico Pictures and NPD, the whole incident is casting a spotlight onto the data collection industry and its track record. In her article for InformationWeek , Carrie Pallardy tackles the question of how data brokers oftentimes lack sufficient safeguards to prevent data leakage. Additionally, this incident sets the stage for North American regulations like Europe’s GDPR to pass stateside. However, concerns arise about smaller entities might be spared enforcement even if new laws are passed.?

Get more information and full analysis of heightened scrutiny around data brokers from Information Week here ?

Social Security number data breach: What you need to know?

In the wake of the NPD attack, many readers may have been impacted by the breach. How can you check if your data was among those compromised? In addition to his own analysis of the breach, Sean M. Kerner of TechTarget has compiled a list of resources and action items for individuals who fear they may be affected. His recommendations include breach databases, credit monitoring, and keeping an eye out for notifications concerning suspicious account activity.??

See what other options are available for safeguarding your information on TechTarget here ?

SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw?

The NPD breach was not the only cyber incident to take place. Software-producer SolarWinds was the unfortunate victim of a major cyberattack in 2020, and their luck seems to have not changed for the better. On August 13th, SolarWinds announced a hotfix for a critical web help desk vulnerability which allowed a “remote unauthenticated user to access internal functionality and modify data.” Mere days later, evidence emerged from the Cybersecurity and Infrastructure Security Agency (CISA ) that, despite internal testing, the flaw had been exploited. A second hotfix was swiftly dispatched to correct the issue, though SecurityWeek writer Ionut Arghire suggests that multiple customers may have been affected, and echoed SolarWinds’ urging client organizations to apply the hotfix as soon as possible.?

Read more from SecurityWeek here ?

Hackers leak their own operations through exposed Telegram Bot API tokens?

There is a bright spot amongst a month that will go down in cybersecurity infamy. A cybersecurity team from Check Point Software caught a pair of major cybercriminals responsible for the Styx Stealer and Agent Tesla malware campaigns through clever detective work. Laura French reports that, by detecting and then tracing a Telegram token left behind in the code of their malware, the investigators found the hackers’ message history and, in time, nailed down their identities and locations.??

Read the full story of this exemplary act of cybersecurity action at SC Media here ?

Simeio Spotlights?

U.S. Electric Grid Becoming More Vulnerable to Cyberattack?

One of the most sinister targets of modern cybercriminals is one of the most colossal pieces of critical infrastructure in history: the U.S. Energy Grid. As attacks ramp up in complexity and potential consequences, the risk posture of government and private energy enterprises is becoming a major concern, with a single outage able to cause cascading damage across all other sectors of the economy. In his most recent article, Simeio Chief Security Officer (CSO) and identity industry veteran Ron Mechling tackles this issue, its myriad causes, and how energy producers and distributors can defend themselves.?

Read Ron’s article, “U.S. Electric Grid Becoming More Vulnerable to Cyberattacks,” here ?

CISOs, the Law, and IAM Compliance Requirements?

As the main overseers for identity security and efficiency in their enterprises, Chief Information Security Officers (CISOs) shoulder a heavy burden. Their jobs are made even more difficult by the considerable number of legal guidelines, standards, and regulations they must ensure their identity fabric adheres to. Failing to follow these rules has the potential to land CISOs and their companies in hot water legally. Additionally, lack of compliance oftentimes leaves companies unprepared against pressing threats, resulting in security gaps which only grow wider as the underlying causes go unaddressed.?

Read Dr. James Quick’s latest article, “CISOs, the Law, and IAM Compliance Requirements” and learn how responsible CISOs can tackle this challenge here ?

Case Study: Identity Onboarding for Major Electronics Manufacturer?

A major electronics manufacturer was struggling with suboptimal in-house identity and access management solutions. An overreliance on manual provisioning and ineffectual in-house management scripts made their identities insecure and severely impacted the efficiency of their Joiner-Mover-Leaver process. But when Simeio and SailPoint overhauled their identity and governance administration solution, their identity fabric was transformed into a competitive and effective management platform.?

Learn how Simeio and SailPoint achieved this here ?

Insightful!

回复

要查看或添加评论,请登录

Simeio的更多文章

社区洞察

其他会员也浏览了