eBay Breach and Records Management
Looking back at the eBay data breach and what this means for companies going forward
What we can learn from the eBay breach
In 2014, eBay announced a truly massive breach of sensitive data on 148 million customers, making it perhaps the second largest data breach of all time, exceeded only by the 160 million records announced lost in June 2013 by a variety of companies.
This breach poses severe risks for general identity theft and password theft. Consumers are well advised to change passwords and use credit monitoring services.
Details of the compromise
According to eBay, this compromised data includes:
• customers' name
• encrypted password
• email address
• physical address
• phone number
• date of birth
eBay claims that neither credit card information nor social security numbers were lost in the compromise. Further, its subsidiary PayPal was not compromised. The data was collected in late February and early March, 2014. As of this writing, eBay has not said whether this is its entire customer database, so it seems prudent to assume that all customers are affected.
Importance of safe Records Management
As you can imagine, with a breach of this magnitude, most companies are left with questions about how they can prevent a similar event.
There are obviously lots of basic procedures we can undertake to keep all client details safe, but one of the biggest risks will inevitably be failing to keep employee records up to date with any offsite provider you might use.
To put that into context, say you have a lovely office that you run with 20 other members of staff. You deal with a multitude of high-value clients as part of managing their investment portfolios. One of your office staff has access to request these records from your offsite provider through an online portal.
They leave your business to go and work for a competing firm, but you do not update their access restrictions. Even though they would be breaking the law by requesting these items from storage, the option to do so is there, which poses a massive risk to your business and its credibility.
• Make sure your staff access lists are updated with your offsite storage provider when they leave the business.
• Make sure you have access restrictions in place for staff who are only allowed to see specific document types.
• Review passwords with staff, as some excellent studies show that people reuse passwords with frightening regularity. Further, the same password is very often chosen independently by a variety of users (the top three passwords are 123456, password, and 12345678), a so-called password collision.
At Kelly’s, we support our clients in this regard with our easy-to-use and modern Web Portal. It’s been custom built to support all of the above to ensure we negate any potential risks for our clients.
Get in touch with us for more information about how Kelly's Records Management can help you