Following the news that Swisscom has admitted that 800,000 customer records were breached last year (including names, address, telephone numbers and dates of birth) IT security experts commented below. Swisscom described the information as ‘non-sensitive’ even though the information could be used to start a phishing attack against someone or combined with other data to commit fraud.
“Although Swisscom reports that no credit card or payment information was exposed, having your name, address, and date of birth stolen can still cause problems. Cyber criminals use this information to create a complete profile of customers. Add a little social engineering, and they can start cracking all types of accounts and even open up accounts in consumers’ names.
Protecting data from breaches is becoming increasingly challenging. The millions of personal data records exposed only in the last months put all companies at risk of account takeover fraud. To turn it around, companies can implement intelligent ways to authenticate their customers. It is not enough to verify users by their personally identifiable information (PII) to access an online account, as this is so widely available – and low cost. Companies need a security intelligence that can evaluate not just the data but also the user behaviour through passive biometrics.
Behavioural-based authentication methods are proving to be extremely efficient in tackling this threat and keeping consumers’ accounts safe. Multi-layered solutions that evaluate the user’s behavior give a true insight into who is behind the device – and provide high accuracy on whether it is the consumer or a cyber criminal using consumers’ correct credentials.”
“The SwissCom breach and claim that the customer data taken is non-sensitive underlines a huge misunderstanding between many companies and their customers. Customers share data on the basis that it will be respected and protected – to them all data shared privately is sensitive. The industry has spent years telling web users how to protect themselves from Identity fraud, and now the industry has to eat its own dog food, and make sure all customer data is persistently encrypted and protected from data breaches – it is the last line of defence for customers and the company.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.