
Mega breach: 800,000 Swisscom customers’ data stolen via hacked partner

09 Feb 2018

News broke recently of a huge data leak at major Swiss telco provider, Swisscom.

Affecting around 800,000 customers, the leak came when security at an external sales partner was breached, prompting the Swiss group to tighten access to its files.

Swisscom stressed that the leaked data contained only "non-sensitive information" like customers' names, addresses, telephone numbers and dates of birth, with no hyper-sensitive information like passwords or payment data.

High-Tech Bridge CEO Ilia Kolochenko and WinMagic EMEA VP Luke Brown say this "non-sensitive information" is anything but, and while Swisscom may be playing the incident down, the implications of the breach will be far and wide.

"Globally speaking, it's a drop in the multi-billion ocean of data breaches. However, for Switzerland, it is a very important data breach that will likely impact almost every family in the country," Kolochenko says.

"The allegedly stolen data provides cyber criminals with a great wealth of opportunities: from impersonation and password recovery, to various spear phishing and sophisticated fraud campaigns. Switzerland is one of the most wealthy countries and represents a great interest for cyber gangs. This data can be exploitable during the next few years and may cause substantial harm in the long run."

Brown says the breach and Swisscom's claim that the customer data taken is non-sensitive underlines a huge misunderstanding between many companies and their customers.

"Customers share data on the basis that it will be respected and protected – to them all data shared privately is sensitive," Brown says.

"The industry has spent years telling web users how to protect themselves from identity fraud, and now the industry has to eat its own dog food, and make sure all customer data is persistently encrypted and protected from data breaches – it is the last line of defence for customers and the company."

It all came to light during a routine check of operations, which revealed that malicious parties had stolen the sales partner's access rights late last year and used them to take the data from Swisscom.

Since the breach, Swisscom has blocked the unknown partner’s access and put in place new policies that ban high-volume queries for all customer information and require two-factor authentication for all data access by sales partners.

Kolochenko says security of third-parties (like partners) is a major and widely unaddressed problem these days, with many large financial institutions and e-commerce businesses already having lost millions of records because of hacked third-parties.

“Cyber criminals won't assault the castle, but will instead find a weak supplier with legitimate access to the crown jewels. However, the good news is that we see more and more companies who rigorously implement, for example, vendor risk assessment policies now, to prevent such risks,” says Kolochenko.

“Swisscom's efforts to mitigate and investigate the breach are laudable, but they won't really help the victims. Free webinars on cyber security and phishing prevention for the victims would be very helpful to prevent exploitation of the stolen data and to raise their overall level of security awareness.”
