July 19, 2018
The Netherlands-based Telecompaper informed that Telefonica, a top-10 telecom seller situated in Spain that provides telecom facilities across over 20 countries, was struck by a major safety break. Private customer data of millions of its customers was probably disclosed in the break. The firm reportedly said the fault was rectified and that the break was informed to the authorities.
Information disclosed by the break was reported to have included clients’ fixed-line and mobile numbers, their complete names, home addresses, national identification numbers, banks and call, and data records.
Although the company doesn’t yet know the complete range of the break, the data disclosed in the safety break reportedly might be downloaded by a hacker. “Astonishingly, the Telefonica client data was easily downloadable as an unencrypted worksheet,” said Pravin Kothari, creator, and CEO of CipherCloud.
“Lesson of the story? Cyber-attackers will get into any network ultimately. End-to-end encryption would have offered safe harbor for Telefonica if they utilized it to safeguard the data. With encryption there would be no break to report as per GDPR as thieved encrypted data would be useless,” said Kothari.
With GDPR in effect, Telefonica should now abide by the notice and follow-up directives. “This type of data disclosure is why so many companies who deal with customers online – from the lending and finance area to e-com and main stores – are layering in innovative safety solutions, like behavioral analytics and passive biometrics,” said Ryan Wilk, vice president of client success, NuData Security, a Mastercard company.
“In doing so, they are moving from ‘let’s make our firm a shelter for everyone to ‘let’s leave the shelter for risky users only.’ They do so by utilizing technology that does not depend on data that might have been disclosed in a break, thus avoiding post-breach loss. Passive biometrics technology can’t be imitated by hackers and assists break the chain of continuous racket that grows whenever client data is broken and thieved,” said Wilk.