I want data loss reasons, not numbers


Media reporting of data breach events like the UK NHS, Heartland, Hannaford and Bank of America has overwhelmingly focused on the raw numbers of customer data records that were breached.

Little information is available regarding the root causes – how attackers exploited the system and people vulnerabilities to get the data.

Although US legislation requires disclosure of a data loss event, it does not require disclosure of the root causes of the event.

In the Hannaford Supermarket data breach case, involving over 4 million credit cards, the State of Massachusetts refused to provide details on their investigation. Hannaford claims that malware attacked their store servers and promptly signed a contract with IBM to replace over 250 store back office servers.

Let’s take a closer look and see if this makes sense.

Store back office servers in a retail POS system are never connected to the public Internet and therefore could not be attacked directly by malware. It is possible that there was network connectivity from the company’s internal administration network of Windows users to the store back office servers, and this may have served as a vector for malware delivery. That is possible and, if true, a reason to segregate the store networks from the administration network using technology such as Waterfall Systems, but not a reason to replace all the back office servers.

My gut feeling is that Hannaford may have had a case of credit card authorization requests being saved in temporary files that were accessible from a Windows share on the administration network. This made it child’s play for an insider with reasonable knowledge and access to the network to steal them.
