It has been reported that the fear of security was raised after the Central Bank mistakenly exposed the names and home addresses of credit union bosses. The data breach has forced the bank to issue a groveling apology after it blundered by releasing the personal information to third parties. Names and addresses of around 50 credit union chairpersons and chief executives, many of whom hold keys to credit union premises, were given out in error.
<p>The Central Bank is now dealing with the embarrassing situation of having erroneously given out the personal information (PII) of many dozens of credit union bosses. In a case of oversharing, the Central Bank fielded a request by a third party by sending too much personal information about these data subjects. What is interesting about this situation is the open admission that the incident was due to “human error.” We tend to think that cybersecurity attacks and data breaches are due to ingenious acts of brilliant but nefarious hackers. Sometimes that is actually the case, but it’s not the majority of cases. In reality, the majority of incidents are caused by human error on the organization’s side: misconfigurations, chaotic data security policies, under-trained employees, a weak culture of data security and privacy, and of course as in this incident, accidental release of (too much) information. The solution is multi-dimensional: remove human error through effective automation, create data policies and procedures that are clear and that reinforce a strong culture of cybersecurity, and of course use the most effective data-centric security such as format-preserving encryption and tokenization to protect the data itself in case it gets into the wrong hands.</p>