More reaction to news that the U.S. government OPM hack has impacted upwards of 25 million people, from security experts at Tripwire, VASCO and Lieberman Software.
Tim Erlin, Director of IT Security and Risk Strategy, Tripwire (www.tripwire.com):
We shouldn’t be surprised that the scope of the OPM breach has grown. It’s a common pattern for discovered data breaches to grow in scope as investigators learn more about the details.
When a breach is discovered, and when it hits the news, it usually coincides with the first definitive evidence of actual data loss. Just like any crime, the first indication of trouble often generates leads that need to be followed. In the case of a data breach, evidence that one system has been compromised might be a starting point, but that trail often leads to other systems that were compromised as well. Once an attacker has gained a foothold, they rarely stay contained to a single target. A competent burglar searches the whole house for valuables, and the home owners might not notice everything that’s missing at first glance.
John Gunn, VP, VASCO Data Security (www.vasco.com):
“The magnitude cannot be overstated – this is an identity Armageddon for almost 1 in 10 Americans, it will have a life-changing impact on 25 million people who will live with significantly increased risk of becoming a victim for the rest of their lives.
Will this finally be enough to usher out our dependence on ancient login processes and the false assurance of simple user names and passwords? The sheer scope should be enough to drive public and private institutions to adopt more secure methods of authentication.”
Philip Lieberman, President, Lieberman Software (www.liebsoft.com):
“This is what happens when you try to save money on IT and use outsourcers instead of investing in your own employees. The systems in question should never have been directly connected to the Internet.”