All is relatively well here
at Woesnotgone Meadow, where everyone has above average bandwidth.
Cebuana Lhuillier is located in the Philippines and is one
of the leading and largest financial services firms. Cebuana Lhuillier is
distinct in that it is not a bank. The firm has nearly 2,500 branches
throughout the nation. The services include a pawn service, remittance,
micro-insurance, and micro-loans.
Given these business operations, the data held by the firm is
exceptionally valuable to any attackers who successfully compromise the system.
Attempted connections to the business servers were detected on
January 15, 2019. There was a previous attack that was successful, which led to
unauthorized downloads from the business servers on August 5, 8, and 12, 2018. It
is curious why the second compromise was not deterred. When there is a
significant compromise, as a rule of thumb the cybersecurity staff or at least
the IT staff harden the systems so the business is not compromised again.
We should persevere to learn not only from our own mistakes but also
from those of others. With at least the second compromise, the attack vector and method were
not published.
More than 900,000 clients were affected by the breach. This
is approximately 3% of the entire clientele. Although 3% is not that high a
percentage relative to the entire clientele, this is still a rather large number
of clients. The attackers may have accessed the clients’ personal data,
including the dates of birth, addresses, and sources of income. Thankfully, the
details for the transactions were not included with the potentially compromised
client data.
The firm was surprised by the compromise. The firm, as a
result of the compromise, coordinated efforts with the National Privacy
Commission (NPC). The firm also contracted with a third party to manage the
compromise. The parties were investigating the issue. The company has already
implemented safety measures to protect the clients’ data. The firm did suggest
that clients change their passwords.
This compromise emphasizes the need for
a strong perimeter defense.
Thanks for visiting Woesnotgone Meadow, where the encryption
is strong, and the O/Ss are always using the latest version.