National Public Data Breach Puts Personal Information at Risk: Expert Insights
August 2024 by Craig Birch, identity security expert and Principal Security Engineer at Cayosoft
The recent data breach involving National Public Data is being described as the biggest breach of Personally Identifiable Information on record, affecting approximately 2.9 billion individuals across the US, UK, and Canada. Craig Birch, identity security expert and Principal Security Engineer at Cayosoft comments this attack.
"The National Public Data breach is part of a broader trend of cybercriminal activity where ransomware gangs not only encrypt data but also extract and sell it on the dark web to coerce payments. This breach, affecting nearly 3 billion individuals, is one of the largest in history and follows similar incidents involving major companies like AT&T and Live Nation. The frequency of such breaches are increasing – a 2023 cybersecurity report from MIT Sloan records, "Data breaches increased by nearly 20% in the first nine months of 2023 compared with all of 2022, and ransomware attacks escalated by almost 70% in the same time frame." While attackers only need to find one vulnerability to exploit, organizations must defend against all potential entry points. The attackers have a clear advantage, especially as many organizations have neglected security in favor of other business priorities.
Criminals are motivated by financial gain and as long as they can profit from this data, we will continue to see these attacks. Organizations must focus on mitigation and reducing the impact by developing comprehensive security strategies that include systems, personnel, and processes. Strategies like multi-factor authentication, least-privileged access models, and just-in-time access for administrators will be paramount. Businesses should also adhere to guidelines mandating storing only the minimum amount of personal data necessary for a given service. Individuals should be mindful of the data they share with organizations and understand that this information could be exposed in a data breach. They should also be aware of their rights in the event of such an occurrence."