It has been revealed this morning that Virgin America suffered a data breach in March of this year, affecting an estimated 3,120 employees and contractors. Virgin America has confirmed in a letter sent to employees that its network was compromised by hackers, with data belonging to thousands of workers compromised and possibly stolen by the attackers. IT security experts commented below.
Robert Capps, Authentication Strategist and Vice President at NuData Security:
“While full details have not yet been confirmed, yet again, this is another breach that highlights the need for companies to focus on new types of authentication methods. Changing passwords is a Band-Aid. The approach needs to be to the root of the issue – the data the hackers are going after. If we, as an industry find ways to render this stolen personal information valueless to the hackers by instituting multiple layers of security, we take power out of their hands. Layers that includes passive biometrics and behavioral analytics, physical biometrics, 2-factor authentication and more to accurately identify the person behind the device and to determine if it the correct person by their behavior even when these stolen credentials make their way into the hacker’s hands. If one authenticating piece of data is compromised, another one will take its place. While hackers continue to use stolen credentials, their actions could be stopped by through behavioral and biometric analyses. As hard as cyber criminals may try, they cannot mimic the exact behavior of the customer.”
Andrew Clarke, EMEA Director at One Identity:
“Virgin America demonstrates its use of best practice, pro-active approach in security monitoring activities have enabled their security team to immediately notice an attempt to access their internal systems where staff and contractor information was stored. Often companies are unaware that these incidents have even taken place. Moreover, they clearly had well practiced plans to mitigate the impact of the risk and ensure the affected individuals were notified. Although no details of the attack methods have been revealed yet, often these type of incidents are as a result of a hacker getting privileged access which enables them to navigate the target company’s network with ease. To stop such an incident from occurring in the first place, companies are now placing privilege accounts under central control – enabling them to safeguard credentials that in the wrong hands can cause an incident.”
Mark James, Security Specialist at ESET:
“The good things to take from this are that they spotted they had been hacked and have notified the affected parties. The bad, of course, is that hackers were able to get away with data that is unchangeable.
As usual the obligatory line is included “credit card information wasn’t compromised” and that is great news- but it’s a lot easier to cancel or change a credit card, than it is to change the info stolen; this includes names and addresses, Social Security numbers, and driving license data- all the type of data that has and will be used to attempt to gain more info, identity theft or be used as a basis of trust to communicate with others.
We tend to prioritise financial data over other stolen data because it can have an immediate affect, but they are easy to change, expire or we often replace them ourselves if we find a better company to look after our finances. It’s a lot harder to change the data we see stolen every day. Although with that said, it’s not impossible to change your social security number if you are concerned, but bear in mind “Changing your number is not easy, and this is not a decision to be taken lightly” and how often can you do it? These days if you were to change your name, address and social security number every time it was hacked or stolen, it would turn into a hobby rather than an odd occurrence!
Of course if you are or have been affected by a data hack the usual procedures should be followed- keep an eye on your finances, even small out of the ordinary transactions you don’t recognise might be an indication that something is not right. Always be wary of emails or phone calls asking for more information; if you get one take a few minutes to validate if its genuine. If needed call them back using an publicly advertised number and check to make sure- they want you to be safe as much as you want to be safe, so they will be happy to help you validate them as a company that cares.”
Javvad Malik, Security Advocate at AlienVault:
“While details aren’t clear as to who breached Virgin America’s systems, or how. The fact that Virgin was able to detect the breach itself demonstrates the value and requirement in having good security monitoring and threat detection capabilities in place to discover breaches rapidly in order to minimise impact.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.