I'm writing a piece for internal consumption on the Sony data breach and
how elements of it illustrate how good RIM policies and practices can help
in the overall effort of protecting an organization's confidential data.
Elements of the hack that I've identified so far specific to this point
are:
· Over 47,000 social security numbers have were publicized. These
appeared 1.1 million times in 601 files. Todd Feinman, CEO of Identity
Finder, a data security firm, said, ?The most concerning finding in our
analysis is the sheer number of duplicate copies of the social security
numbers that existed inside the files.?
· Human resources files from Deloitte and Touche were publicized.
One Sony HR employee had formerly worked for Deloitte, and had brought
over old files on their computer. Personnel files from 2005, containing
staff wages/salaries, job titles, addresses, and race & gender information
of over 30,000 employees were exposed.
· Passwords were publicized. Thousands of passwords to internal
computers, social media accounts, and web services accounts were exposed.
These resided in 139 Word files, Excel spreadsheets, .pdf?s, and zip
files, all with names indicating that the documents contained passwords.
Can anyone identify any additional elements of the Sony breach that are
good examples of how RIM (as opposed to pure cyber security measures) can
help protect an organization's private data and files?
Thanks,
Gary
The contents of this email are the property of PNC. If it was not addressed to you, you have no legal right to read it. If you think you received it in error, please notify the sender. Do not forward or copy without permission of the sender. This message may be considered a commercial electronic message under Canadian law or this message may contain an advertisement of a product or service and thus may constitute a commercial electronic mail message under US law. You may unsubscribe at any time from receiving commercial electronic messages from PNC at http://pages.e.pnc.com/globalunsub/
PNC, 249 Fifth Avenue, Pittsburgh, PA 15222; pnc.com
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|