Following the news that Swisscom has admitted that 800,000 customer records were breached last year (including names, address, telephone numbers and dates of birth) IT security experts commented below. Swisscom described the information as ‘non-sensitive’ even though the information could be used to start a phishing attack against someone or combined with other data to commit fraud.
Lisa Baergen, Director at NuData Security:
“Although Swisscom reports that no credit card or payment information was exposed, having your name, address, and date of birth stolen can still cause problems. Cyber criminals use this information to create a complete profile of customers. Add a little social engineering, and they can start cracking all types of accounts and even open up accounts in consumers’ names.
Protecting data from breaches is becoming increasingly challenging. The millions of personal data records exposed only in the last months put all companies at risk of account takeover fraud. To turn it around, companies can implement intelligent ways to authenticate their customers. It is not enough to verify users by their personally identifiable information (PII) to access an online account, as this is so widely available – and low cost. Companies need a security intelligence that can evaluate not just the data but also the user behaviour through passive biometrics.
Behavioural-based authentication methods are proving to be extremely efficient in tackling this threat and keeping consumers’ accounts safe. Multi-layered solutions that evaluate the user’s behavior give a true insight into who is behind the device – and provide high accuracy on whether it is the consumer or a cyber criminal using consumers’ correct credentials.”
Luke Brown, EMEA VP at WinMagic:
“The SwissCom breach and claim that the customer data taken is non-sensitive underlines a huge misunderstanding between many companies and their customers. Customers share data on the basis that it will be respected and protected – to them all data shared privately is sensitive. The industry has spent years telling web users how to protect themselves from Identity fraud, and now the industry has to eat its own dog food, and make sure all customer data is persistently encrypted and protected from data breaches – it is the last line of defence for customers and the company.”