In response to news that200 million Chinese resumes were exposed in a MongoDBdatabase leakand there are indications the date was accessed at least a dozen timesexperts with OneSpan and Cequence offer perspective.
Franklyn Jones, CMO atCequence:
“It’s unusual for data breaches to yield such a rich set of data on individuals. Unfortunately, it provides fraudsters with the ability to acquire these stolen records on the dark web, then use automated bots for the purpose of synthetic account creation. Their goal might include using stolen IDs to establish a new line of credit, for example, which can lead to identity theft for consumers and damaged reputation for the business.It’s another reason why these organizations need to ensure their security architectures include bot defense capabilities.”
Tim Bedard, Director, Security Product Marketing atOneSpan:
“Statistics show that the likelihood of having your identity stolen is higher than you think. Victims of data breaches are even more likely to be affected. According to statistics:
16.7 million Americans had their identity stolen in 2017
1,579 data breaches exposed 179 million records globally in 2017
31.7% of data breach victims experienced identity theft in 2016
“As organizations shift to digital channels to better serve customers, it becomes more challenging to verify identities effectively. This is because data breaches expose more and more personally identifiable information (PII), making identity theft easier to perpetrate. After all, using stolen information to open a new account is too easy, because of social engineering; phishing attacks, etc. With the growth of identity fraud, combined with the accelerated use of synthetic identities continues to make organizations more vulnerable to new account fraud, account takeover and application fraud. This is why it is critical for organizations to adopt more modern technology solutions, such as advanced risk analytics, context-aware identity verification and adaptive authentication to combat these types of fraud.”
Michael Magrath, Director, Global Regulations & Standards atOneSpan:
“As an official supporter of the Paris Call for Trust and Security in Cyberspace, we have been a long-time advocate of protecting and securing personally identifiable information online.
Unfortunately, for the 200 million Chinese job-seekers the scraped database was not secured in anyway.Any database connected to the Internet must be secured through encryption and ideally requiring multi-factor authentication to access it.As in other countries, it is customary for job-seekers to divulge an extreme about of PII in their Curriculum Vitae.That helps employers, but when the information falls into the wrong hands it can open the person to identity theft.The sad truth is that technology solutions are commercially available and this far reaching incident could have been avoided.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.