By Josh Applebaum

Experian Hack: Continuous Monitoring Keeps History from Repeating

Experian Could Learn from Past Mistakes with a Continuous Monitoring Solution

Being in the security industry, I’ve always felt my job was hard to explain to the average person. Over the last few years, that has changed. Unfortunately, we are seeing a new data breach announced every few weeks, with many more that are kept private. These breaches are getting front page attention, and I can now explain to my friends what I do without losing them after a few sentences. However, I still question what it is we’re learning from all of this. As it turns out, many companies are not learning from their own mistakes.

Experian, the global credit reporting firm, is a company with a lot to learn. Several months ago Experian announced it had discovered its servers had been breached and that customer data had been stolen. When Experian announced the breach they reassured customers that “[our] consumer credit database was not accessed in this incident, and no payment card or banking information was obtained.” Although Experian took the time in their announcement to reassure their customers that their financial information had not been stolen, they further elaborated on what data actually was stolen: customers’ names, addresses, Social Security numbers, date of birth, driver’s license numbers, military ID numbers, passport numbers, and additional information used in T- Mobile’s own credit assessment. This is scary for two reasons: the first is the type of data that was stolen; the second is the fact that this isn’t the first time this has happened to Experian.

Although the hackers didn’t walk away with “payment card or banking information” they did walk away with personal data that could be exploited to open new credit card, banking, and other financial accounts. This in itself is a reason the T-Mobile customers involved should be nervous. However, all Experian customers should be a little nervous.

As it turns out, this isn’t the first time the Experian servers have been compromised by hackers. In early 2014, T-Mobile had announced that a “relatively small” number of their customers had their personal information stolen when Experian’s servers were breached. Brian Krebs has a very well-written blog post about how the hackers breached the Experian servers the first time, so we won’t get into too much detail here. In the first breach of Experian’s servers, hackers had exploited a vulnerability in the company’s support ticket system that was left exposed without first requiring a user to authenticate before using it. Now to the scary part: although it has become widely known that the hackers utilized a vulnerability in the company’s support ticket system to gain access, it wasn’t until soon after the second hack that their support ticket system was shut down.

It would be hard to believe that it was a coincidence that Experian decided to take down their support ticket system mere weeks after they announced they had been breached. If this wasn’t a coincidence, then let’s ask: what did Experian learn from the first breach where customers got away with sensitive customer data? Companies who store their customers’ sensitive information should be held accountable to not only secure their customers’ data, but if also to ensure that if breached they patch the holes that are discovered while investigating the attack.

When companies are investigating a breach (or potential breach) it is imperative that they have access to historical data so investigators can try to piece back together the puzzle of how the attack unfolded. At Ziften, we provide a solution that allows our customers to have a continuous, real-time view of everything that happens in their environment. In addition to providing real-time visibility for detecting attacks as they occur, our continuous monitoring solution records all historical data to allow customers to “rewind the tape” and piece together what had happened in their environment, regardless of how far back they need to look. With this new visibility, it is now possible to not only learn that a breach occurred, but to also learn why a breach occurred, and hopefully learn from past mistakes to keep them from happening again.



Get the Blog Here