US State Department email breach - Weekly Mobile ID Roundup #004

September 24, 2018
1 minute read
Category: Mobile Identity
Author: IPification Team

Nobody is immune to security breaches. Not even the employees of US State Department.

Breach of their unclassified email system affected less than 1% of inboxes, and personally identifiable information has leaked. The issue in itself might not be a big one, but taking into consideration which organization was targeted, and that not even two-factor authentication was used - makes it significant.

Especially when we consider that US Department of State is failing to meet defined federal cybersecurity standards.

Retailers must improve security

Risk management firm SecurityScorecard spent five months monitoring over 1,400 domains in the retail industry to identify different vulnerabilities, and their findings are not promising. Far from it.

Among 18 major industries, retailers are second to last in terms of application security, just above the entertainment industry. Almost 98% of retailers monitored where not compliant to PCI DSS Requirement 6 which deals with app security!

This is a big issue when you consider that a breach of any retail app might leak users’ personal data including financial data like payment card numbers. And criminals ARE targeting retail industry more often than many others.

Good news about user expectations

Recent research by Mitek, shows that 85% of consumers in the US are more likely to interact with websites which verify identity of all their users. And two thirds said that they are more likely to do business with a website that can guarantee the identity of an individual.

At the same time, 82% are concerned that ecommerce websites are not doing enough to verify user identities. And if you read this post carefully, you already know that they are right to be concerned.

Research shows that consumers are increasingly aware of security issues. It’s up to us to businesses to keep up.

Yet another SIM hijacking incident

Most stories about SIM hijacking are harrowing. People lose access to many of their accounts, and sometimes significant amounts of money. And their stories go on and on, while they try to recover what they can.

This story, about an attack on a Hawaiian news personality was not as bad. Ryan Ozawa did have to work on getting back his phone number and access to his popular Instagram handle, but fortunately that was it.

It’s still worth noting - you should take every precaution to secure your accounts, mobile operators should work on improving their processes, while app developers should consider different types of user authentication.