Companies Must Adopt Better Precautionary Measures To Provide Greater Online Protection For Customer

By Author: EC-COUNCIL
Total Articles: 68
Comment this article

Sony Playstation Network’s recent data breach could cost more than $24 billion when cybercriminals recently hacked the Network for the past week involving 77 million user accounts. Credit card data of PlayStation users around the world may have been stolen in the online marketplace that let users buy and play video games on their PlayStations.
Sony said the intrusion was "malicious" and that the company had hired an outside security firm to investigate. It has taken steps to rebuild its system to provide greater protection for personal information and warned users to contact credit agencies and set up fraud alerts. Sony, whose PlayStation online service has been down for about a week, after it said account information, including names, birthdates, email addresses and log-in information was compromised for certain players in the days
"Out of an abundance of caution, we are advising you that your credit card number (excluding security code) and expiration date may have been obtained," Sony said. The company said the account information for the PlayStation Network and its Qriocity service users were compromised between ...
... April 17 and 19.
"Simply put, one of the worst breaches we've seen in several years," said Josh Shaul, chief technology officer for Application Security Inc., a database security software maker. Shaul said that not having direct proof of credit card information theft should not instill a sense of security, and could mean Sony just didn't know what files were touched. "They indicated that they're worried about it, which is probably a very strong indication that everything was stolen," he said. If the intruder successfully stole credit card data, the heist would rank among the biggest known thefts of financial data.
The Texas state comptroller’s office has already spent $1.8 million to mitigate the yearlong data breach in which names and Social Security numbers were exposed. The total cost is expected to be even higher as the lawsuits start rolling in. Personal information belonging to approximately 3.5 million people in Texas was accidentally exposed on a publicly accessible FTP server for a full year before it was detected, Texas comptroller Susan Combs disclosed on March 31.
Recently, Texas Civil Rights Project filed a pre-suit investigation" petition to find out exactly who is responsible for disclosing personal information of 3.5 million Texans with the Teacher Retirement System, the Texas Workforce Commission and the Employee Retirement System. "What could have happened with all that of information, how do we trace it back and how do you undo it?" asked attorney Jim Harrington, who represents the Civil Rights Project. "It may be impossible. An official who is that incompetent needs to be held accountable for this."
For Wendy Bonn, an apology doesn't help her get her life back nor does it gives her confidence that her personal information is protected. Wendy Bonn personal information was stolen. She works in the film industry and is registered with the Texas Workforce Commission. Bonn said "My identity was stolen, my social security number, my drivers license number, my name my address, my birthday.” She added, "It was from a police department and they told me to contact a car company and they turned me down for a $90,000 loan on a car and I said if I had that kind of money, I wouldn't purchase that car," said Bonn.
A recent Ponemon Institute report noted that the average cost of “remedying” a data breach was around $7.2 million. The same report also warned that organizations that move quickly to disclose and repair the breach, as the Texas comptroller’s office is, tended to spend 54 percent more per record than the slow-reacting organizations. These report findings clearly points out that data breach is very common these days. One effective information security risk countermeasure is through technical security training that will enhance the skills proficiency of the cyber security workforce. EC-Council’s brand new TakeDownCon is a technical information security conference series that serves as a platform for IT security professionals to discuss and exchange views on the latest information security threats as well as remediation strategies.
In addition to learning from some of the best security experts, TakeDownCon also offers highly sought after technical training courses, including the Certified Ethical Hacker (CEH) course, often touted as the world’s most comprehensive ethical hacking training program. The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.

ABOUT EC-COUNCIL
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous ethical hacking training, the Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other technical security training programs offered in over 84 countries around the globe. TakeDownCon Dallas 2011, is one of the conferences of EC-Council’s Take Down information security conference series.