UK Government Data Website Suffers Security Breach!

The BBC has reported that the government’s data.gov.uk website has suffered a security breach, which has resulted in the leak of a database of usernames and email addresses.

Spencer Young, RVP EMEA at Imperva, said: “Passwords continue to be an Achilles Heel in the fight against cybercrime as improper user behaviour – such as weak passwords or use of the same password across different sites – continues. What’s disturbing, aside from the doubtless potential for high levels of confidentiality within emails emanating from the Government, is that there are simple, effective methods such as two-factor authentication, and TLS Client Authentication, which have been shown to be extremely secure, yet usability issues have hampered adoption.

"This is an outcome of a continual lack of understanding and investment from Government in security strategies that enterprise Britain adopt as standard operating procedures. This attack was unfortunately always a matter of time.”

Ryan Wilk, VP at NuData Security, added: "In just a week there is news of a second “non-breach ‘breach’” of sensitive user PII data. The unfortunate mishandling of trusted data in the Deep Root’s incident, and now this, continues to show that sophisticated hacking is not required to obtain troves of identity data that can be used to create fraudulent identities or access online personas.

"We have hit a turning point where financial and identity cybercrime has become something that a person with the most basic computer skills can dabble in. Because of this, merchants and FIs need to rethink how they protect and identify their users in the digital world. We need to protect all consumer data, but more importantly, we need to make it valueless.

"Using advanced techniques like Passive Biometrics and Behavioral Analytics gives merchants and FIs a step up on the bad actors looking to monopolize this data. Understanding the user behind the device is key in effect devaluing the stolen identity data to any other person or entity."

Mike Ahmadi, global director of critical systems security at Synopsys, said: "Organisations continue to rely on passwords as a primary authentication method, and this is a huge problem. Many systems, for example, remain vulnerable to the Heartbleed bug, which makes harvesting passwords trivial. Those that can locate databases of hashed passwords can harvest the hashes and then take their time cracking the hash through multiple tools built for such purposes.

"Once a password is discovered, attacks can scale massively before anyone is aware of a breakdown in security. It is time for organisations to rapidly move away from archaic password technologies towards much better chip card authenticated systems, which use much better multi-factor authentication."
