In July 2017, the credit monitoring company Equifax admitted to exposing the details of at least half of all Americans, some 146 million customers, with just over 200,000 credit cards compromised. The incident ranks as the fourth largest data breach of the 21st century.
This week, the investigation has revealed some other alarming numbers, including that over 145 million social security numbers and 17.6 million driver's license numbers were also exposed. Hackers even stole images of customers' passports and driver's licenses.
Though Yahoo holds the record for the biggest data breach, the Equifax debacle carries a greater potential for harm or fraud against customers because of the sensitive information captured in the breach. Identity theft poses a huge risk to individuals, particularly where names, dates of birth, social security numbers and pictures are obtainable. Criminals can buy and sell this information on the dark web, enabling other nefarious actors to commit fraud and open credit cards or take out loans with the stolen personal details.
It's no wonder that tougher regulations are coming into force, in Europe in particular with the General Data Protection Regulation (GDPR), and that a positive ripple effect is expected amongst US businesses, according to one US consumer group. After all, for US organizations (like Equifax) that operate in Europe, the expectation of compliance with GDPR is no less than for a European-only business. The hope is that instead of compartmentalizing their data security approach, organizations will use GDPR as a best practice framework for all data protection efforts.
Of course, there will be many governance and general process controls to implement, like hiring a Data Protection Officer, but for any company looking to meet these standards from a technical perspective, using a good encryption gateway can help for a number of reasons:
- Encrypting, tokenizing or anonymizing sensitive data means that even if the worst were to happen and hackers evaded other defenses, the data itself would be useless to them.
- An encryption gateway, like the eperi Gateway, will allow employees to get on with their jobs and use the data without disruption while keeping it safe and protected. Applications can be processed and workflows remain functional as if the data were unencrypted.
- Encryption keys can be held and managed within the enterprise itself and away from the very data and systems that they are meant to protect.
Data protection has to be a top priority for many enterprises. Unprepared companies will be caught out and the consequences of yesteryear will seem like a dream compared to what could be waiting on the horizon for those that don't take data protection seriously.
CSOonline - The 17 biggest data breaches of the 21st century
ComputerWeekly - GDPR will have positive ripple effect, says US consumer group