The EQ Cyber Security Debrief 28.01.19
Each week at EQ Data we will be looking at the breaking news stories from the world of data and cyber security. From the latest cyber technology developments to data breaches and new marketing insights, you can find the debrief here.
Biggest collection of breached data found by haveIbeenpwned.com
Over 770m compromised data records, including email addresses and passwords, were recently discovered by the hacking database Haveibeenpwned.com. The site regularly exposes data breaches and allows users to check for free whether their email addresses have been hacked and their personal information exposed online. The volume of breached records exceeds that of any previously published data breach, with a total of 1,160,253,228 unique combinations of email addresses and passwords, according to site founder Troy Hunt. The cyber security expert said that the breach came from multiple sources rather than a single instance of a hack.
New report calls for Active Cyber Defence scheme to be adopted by private businesses lacking cybersecurity
A report into the UK Active Cyber Defence (ACD) programme, a set of measures designed by the NCSC to equip the public sector against cyber threats, looks at how to enforce change in private firms regarding cyber security. The review was conducted by the Cyber Security Research Group and the Policy Institute at King’s College London and discusses the difficulty of incentivising firms to adopt best practices for cyber security. The report notes that the safety of UK cyberspace depends upon the public and private sectors as a whole, yet companies still lack sufficient policies, cyber security technology and training. Although the NCSC has no legal authority to implement ACD in private businesses, it states that the UK government would take “decisive action if the market cannot deliver adequate cybersecurity solutions.”
Universities test cyber resilience with dummy attack competition
Universities in the UK will have the opportunity to take part in a new cyber security competition which will test the resilience of their IT infrastructure and networks against cyber threats. Twenty UK universities have committed to the programme, Exercise Mercury, which gives institutions the opportunity to challenge one another in mock tests and identify vulnerabilities “within processes, policies, procedures and technical vulnerabilities, and their digital footprint.” Universities can then learn from the competition insights and understand their own priorities in terms of cyber weaknesses.
Over 24 million banking and mortgage documents exposed online
Millions of records from leading financial services in the U.S., including Capital One and Wells Fargo, were revealed online for a period of two weeks following a security glitch in an Elasticsearch database. The lack of password protection on the server meant that over ten years’ worth of sensitive information, such as bank loans, mortgages and tax documents, including personal details such as email addresses and social security numbers, was made public. Owing to the age of the database, some records belong to past customers and to banks that have ceased trading, but the breach nevertheless means that the information was readily available to hackers. This is the latest security flaw in an Elasticsearch database, with several online casinos and the non-profit youth organisation AIESEC, which use the database, also announcing data breaches this month.