Switzerland’s largest telecoms company has suffered a data breach which has exposed information on 800,000 customers, roughly ten percent of the entire Swiss population.
The breach, which dates back to autumn of 2017, was discovered after Swisscom carried out a routine check of its operational activities. It is believed that the hackers were able to misappropriate the access rights of a sales partner who had been given restricted access to the data. That access allowed the partner to identify and advise customers and to conclude or amend contracts with them.
It is reported that sensitive information such as names, home addresses, dates of birth and telephone numbers was leaked. However, under Swiss data protection laws this information is classified as “non-sensitive”, while “sensitive” data is defined as passwords, conversations or payment data.
Through an unnamed third-party company, the attackers were able to compromise many of the customers’ login credentials. In reaction to this attack, Swisscom will be implementing additional layers of security to prevent a data breach from recurring. It will incorporate two-factor authentication for all data access required by sales partners, limitations on access controls and a ban on high-volume queries for all customer information.
Organizations don’t seem to realize the importance of data security, with many taking a reactive approach to a cyber attack or data breach. This is yet another example of either a lax approach to security or simply criminals being crafty in the way they can expose data.
Thankfully, GDPR will iron out many security creases to ensure that after May 25th, organizations will have effective and streamlined data protection defenses in place, with the risk of severe fines waiting for any that fail to protect the data appropriately.
If organizations want to remove any uncertainty about which security solutions to use to protect their critical data, then incorporating an encryption-based solution removes all doubt as to whether the data is safe.