As breach after breach is reported, complete with shrieking headlines in the press, on the page after the article that manipulates people’s minds to think that Brexit is a Good/Bad thing (delete as appropriate), are we in danger of suffering breach notification fatigue? They are after all becoming like telephone numbers.
This week alone we have seen the announcement that Ticketmaster exposed 40,000 users’ records (including payment card details). Much more disturbing, at least for our American pals, is the revelation by security researcher Vinny Troia that a marketing outfit called Exactis has exposed the personal details of 340 million individuals and corporations including phone numbers, addresses, dates of birth, estimated income, number of children, possible weight issues, age and gender of children, education level, credit rating and more besides. The whole bit (apart from payment card details – Jah Bless).
In the case of Ticketmaster, even if they haven’t contacted you directly you should change your password, and if you used the platform between September 2017 and 23 June 2018, keep an eye on your bank account and credit card statements (for card details stored on Ticketmaster, obvs) and consider getting a new card. Sophos has detailed advice here.
Unfortunately it looks like Ticketmaster was advised of this breach 2 months prior and may have been slow to fess up. Probably not a good place to be, given the May 2018 introduction of GDPR. We can only hope that a high proportion of the stolen credentials belonged to ticket touts.
In the case of Exactis, Vinny Troia was trawling the web (sounds like the start of a nursery rhyme doesn’t it?) for unprotected Elastic Stack data and came across the personal details of pretty much every US Citizen. No biggy. At least Vinny is one of the good fellas and did the right thing. We can only imagine the focus currently being applied to the access logs of Exactis’ data. Even though GDPR isn’t in force over there <—, we can expect some slapped wrists and spanked bottoms. Watch this space.
More interesting news in America this week was the introduction of bill H.R.5733, which brings industrial control systems and technology under the control of the Department of Homeland Security. Attacks against industrial controls as part of critical infrastructure and other manufacturing capabilities are on the rise. ITC will be developing our NetSure360° platform to provide automated security control of Operational Technology over the coming months and will keep our customers up to date with progress.
For some manufacturers, namely brewers, SCADA and OT compromise are the least of their worries as Europe, and especially the UK, runs out of CO2. Caused by the simultaneous maintenance of fertilizer processing plants, a by-product of which is CO2, this has the potential for us to run out of beer.
Now that is a serious issue.
If you would like to discuss breeches, breaches or the security of operational technology, please contact us soon because our crack team get grumpy without beer. You can reach us at: firstname.lastname@example.org or call 020 7517 3900.