Security experts from VASCO Data Security, Secure Channels and Proficio commented on the US OPM Hack
John Gunn, VP of Communications, VASCO Data Security:
“It’s a modern tragedy that so many innocent people will be victimized by hackers through no fault of their own, but simply because the stewards of their personal data failed to act in an appropriate manner to protect them. The implementation of simple and inexpensive security measures could have prevented this disaster.”
Richard Blech, CEO and Co-Founder, Secure Channels:
“This is a travesty of first order. The “Einstein System” that the OPM used to protect all of that critically sensitive data was futile and the hackers knew it. The hackers knew once they bypassed Einstein there would be a virtual treasure trove of valuable data that will forever be usable for future exploits. While you can get a new credit card number, you are not going to get a new Social Security Number or some of the other user identity sensitive data. This is going to cost the government and – as usual – the taxpayers billions to clean up this mess, and the repercussions of this breach will have effects for many years to come. Let’s be clear here, the excuses the government uses to not have encrypted all of that sensitive data are wholly unacceptable. There is no viable reason for sensitive government data to be left in a database that was clear text and unencrypted, unless the goal was to have it stolen. It’s time for the government to “outsource” it’s internal IT administration to the private sector cybersecurity companies who have the expertise that apparently the government clearly doesn’t have, or hasn’t demonstrated. Time to turn to the companies who can provide the technology that will harden and protect our country’s valuable and critical digital assets.”
Brad Taylor, CEO, Proficio:
“This breach appears to follow the classic pattern of a targeted attack where the hackers are able to compromise an organizations security and exfiltrate any data they want before being discovered.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.