Monday, March 23, 2015

Database thefts are becoming more and more serious

Should a company from which someone has stolen its customers' sensitive data indemnify them? And if those data were bank accounts that have been raided, should the banks be compensated? This is the case of Target Corporation, a company that was robbed in December, when the thieves obtained the credit and debit card numbers of 40 million users, opening a legal debate in the United States that will set an example throughout the world. We'll talk about this and about other catastrophic robberies.

At the end of last week, Target reached an agreement with the citizens who had sued it after the data leak. Each harmed user will be compensated with $10,000. This does not spare the corporation from having to face the demands of various banks, which want the company to assume the cost of the thefts from the accounts exposed by the leak. The banks accuse Target of storing credit card numbers on its servers, when the law required it to destroy them once the payment is made.

We'll see how this interesting case ends. In the meantime, large-scale robberies of databases containing sensitive information continue. Once again it has been the turn of a medical insurance company: Premera Blue Cross, which accuses the Chinese Government of being responsible for the theft of the financial and medical data of at least 11 million patients. Before the Premera affair, Anthem and CHS were also victims of this kind of action, in what has been considered a large-scale operation against North American medical insurance companies.

What would China use this kind of data for, if found guilty of such actions? The question raises some public concern, especially after reading one of the most striking news items this Monday: the hacking branch of the Islamic Army has uploaded to the Internet the personal data (pictures, names and physical addresses) of 100 American soldiers, inviting its followers to kill them. ISIS says it got the information by stealing some databases.

Robberies of this kind are really a plague, often caused by safety measures that are too lax, as in the Target Corporation case, and that's why the company has faced so many claims. Other times the robbery is more sophisticated and the thieves use unknown bugs, called 0day. Just last week a new edition of Pwn2Own was held, allowing the participants to discover previously unknown security holes in the main browsers and in Adobe software.

By the way, we have heard some complaints that the rewards were not so generous this year (20K to 50K dollars per bug) compared to the price the bugs could reach on the open market.

