Temporary Passwords Results in Serious Customer Data Breach for Westpac

Date: 2018-09-19
Author: Joakim Thorén, CEO

Temporary Passwords Results in Serious Customer Data Breach for Westpac

It seems like companies will never learn. Passwords continue to be the culprit of data breaches, especially temporary password-only security measures. ABC reported Westpac is the latest banking organization to suffer a temporary password only breach.

And while data breaches are generated by outside hackers, the Westpac breach was caused by an employee, who accessed the temporary passwords and handed them over to a mortgage broker.

In a serious breach of data privacy, the mortgage broker gained direct access to 80 personal bank accounts of Westpac customers. The former Westpac employee reset passwords of customers and provided these temporary reset password to employees of the mortgage broker group.

And there within lies the problem – temporary passwords. First and foremost, employees should not have clearance to access customer’s temporary passwords and pass them on to another organization. Secondly, customers should be leery of temporary passwords and immediately reset them to avoid these types of privacy violations from occurring. And thirdly, organizations must monitor their employee access by limiting access to customer accounts.

Organizations should use strong two-factor authentication and identity and access management tools to limit employee exposure to sensitive customer data. Strong IAM solutions like our vSEC:CMS solution help companies manage the lifecycle of employee virtual and physical smart cards throughout the employment cycle from orientation to employment termination.

Banking customers should ask their institutions if they are using multi-factor authentication and management to ensure customer data is private and secure.

Tags: password, iam, two-factor, authentication, cybersecurity, cybercrime.

vSEC:CMS

Our product suite provides all the software tools to administrate and manage credentials in a secure and convenient way.

Start here

Free Product Trial

Versasec provides enabling IT security products centered on the usage of security devices such as smart cards. Our solutions enable customers to securely authenticate, issue and manage user credentials more cost effectively. Get a free product trial.

Job Openings

We are always looking for new exceptional persons to join our team! Find out more about our job openings.

Versasec Support

Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.

Contact Support

Company Blog

Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact.

Visit our Blog
Share this article