Target, eBay hacks: lessons for brokers

Giant companies are being brought to their knees by cyber attacks, and that should be sounding an alarm for insurers and brokers that their own client information needs to be handled with the utmost care, says one industry expert, who suggests one simple way to keep such data confidential.

“We live in a mobile world,” says the CEO of Route1 Inc., Tony Busseri. “There is no need for a portable hard drive – that is a 10-year-old approach. You don’t need to move data to access it today.”

The massive data breach of Target clients forced the resignation of the CEO of that company, and now the e-commerce site eBay is asking users to change their passwords as its database of encrypted passwords has been compromised by a similar cyber attack.

It is a lesson even the smallest brokerage can draw from – and should take to heart, Busseri told Insurance Business.

“The industry that you are in, this is a very important cautionary tale,” he says. “It isn’t just for large corporate entities or governments. It is a cautionary tale. It could be a three or one person brokerage, that ultimately that data you have cannot be lost or stolen.”

And with today’s technology, it doesn’t mean investing thousands to provide the proper security.

“It doesn’t have to cost you more – ultimately it can save you money,” says Busseri. “But there is progressive technology in the marketplace to allow you to access the data you want when and where you need it, without taking any security risks.”

Busseri strongly advocates a security methodology that ensures data never leaves the safe confines of an organization's firewall.

“The root cause for most breaches is lost, stolen or ‘hacked into’ mobile devices used for remote access,” he says. “This is the fifth or sixth of these type of breaches that have happened with our federal government, and there seems to be a type of behaviour where they allow portable hardware to be attached to a network to extract information, and then that portable device that isn’t encrypted is lost or stolen.”

Route1 Inc. is a data security and identity management company that provides solutions for secure, remote access to the US Department of Defense and the US Department of Homeland Security, as well as certain divisions of the Canadian Government and private sector businesses.

According to eBay, there is no evidence of any unauthorized activity and no evidence any financial or credit card information was stolen.

The company says its investigation is active and it can't comment on the specific number of accounts affected, but says the number could be large, so it is asking all users to change their passwords.

Target’s President and CEO Gregg Steinhafel resigned in the wake of the company’s massive data breach this winter. The breach put the credit and debit card information, as well as email addresses and phone numbers, of more than 100 million customers into the hands of malicious hackers.

Since then, Target – a Fortune 100 company – has faced declining profits and loss of consumers’ faith.

Companies like Target and eBay having to come forward and ask customers to change passwords and check their bank accounts creates a lack of trust, says Busseri, and ultimately puts the company in a poor light.

“It speaks to credibility,” says Busseri. “When organizations are looking to move data, there are more secure ways of doing it.”

Cyberattackers stole a small number of employee log-in credentials that gave access to eBay's corporate network, the company said. The San Jose, California-based company is working with law enforcement to investigate the attack.

The database was hacked sometime between late February and early March, but compromised employee log-in credentials were first detected two weeks ago.

Just recently, the computer security flaw nicknamed ‘Heartbleed’ came to light in a key piece of security technology used by more than 500,000 websites – including the Canada Revenue Agency – a flaw that had been exposing online passwords and other sensitive data to potential theft for more than two years.