You know you’ve made it when you get your own month

Happy Cybersecurity Awareness Month!  Yes, October is host to a number of awarenesses, including cybersec (which makes it timely for Ed Snowden to join Twitter), and this year, some, like the folks at Experian and T-Mobile, might find this awareness to be quite relevant to their interests.  A new data breach, announced last week, hit the credit reporting agency in September and affected the personal information of 15 million T-Mobile customers in the United States, as well as former customers and subscribers to the wireless carrier.  Among the stolen information were the usual morsels: names, addresses, Social Security numbers, along with driver’s license and passport numbers.  All items gleaned from one accessed server, according to an Experian statement.  

While it is not yet known how long the hackers were foxing in the hen house, but considering that Experian alone produces 1.2 billion consumer credit reports annually, in addition to 45 billion business records, this is already a significant problem; and could become worse as we learn more about the full extent of the stolen information.  Experian, of course, is also one of the three major credit bureaus in the U.S., with Equifax, Inc., and TransUnion; nor are they unfamiliar with data protection troubles, having undergone investigations in 2012 for improperly disclosing data through a subsidiary that was hoodwinked by a malicious agent.  Needless to say, any one of these servers would be a huge bounty for thieves who infiltrate behind enemy lines.

Servers were also breached at crowdfunding platform Patreon last week, compromising a database containing 15 gigs of customer information, though fortunately not credit card numbers or tax forms are stored on those servers.  Still, 2.3 million Patreon users–who have enabled the growth of the service to the point where it can give out over $2 million per month to artists of all stripes—have had their email and shipping addresses exposed, among other things, and are being advised to reset their passwords.  Like Ashley Madison, Patreon does use bcrypt, one of the better hashing options available, to secure its passwords, but it’s not foolproof.

It just goes to show how nobody is exempt from being a target (or a Target), from credit services to crowdfunding. 

By: Jonathan Weicher