Temporary Passwords Result in Serious Customer Data Breach for Westpac
By Joakim Thorén, CEO
It seems like companies will never learn. Passwords continue to be the culprit in data breaches, especially where a temporary password is the only security measure. ABC reported that Westpac is the latest banking organization to suffer a temporary-password-only breach.
And while data breaches are usually the work of outside hackers, the Westpac breach was caused by an employee who accessed the temporary passwords and handed them over to a mortgage broker.
In a serious breach of data privacy, the mortgage broker gained direct access to 80 personal bank accounts of Westpac customers. The former Westpac employee reset customers' passwords and provided these temporary reset passwords to employees of the mortgage broker group.
And therein lies the problem: temporary passwords. First and foremost, employees should not have clearance to access customers' temporary passwords and pass them on to another organization. Secondly, customers should be leery of temporary passwords and immediately reset them to keep these types of privacy violations from occurring. And thirdly, organizations must monitor employee access and limit employees' access to customer accounts.
Organizations should use strong two-factor authentication and identity and access management (IAM) tools to limit employee exposure to sensitive customer data. Strong IAM solutions like our vSEC:CMS help companies manage the lifecycle of employees' virtual and physical smart cards throughout the employment cycle, from orientation to employment termination.
Banking customers should ask their institutions if they are using multi-factor authentication and management to ensure customer data is private and secure.
Tags: password, iam, two-factor, authentication, cybersecurity, cybercrime.