A pair of data breaches is impacting parents and parents-to-be on both sides of the pond.
In the UK, hackers stole registration details for 15,085 new and expectant parents from the National Childbirth Trust (NCT), a childbirth charity. The usual data was compromised: email addresses, usernames and passwords. According to the BBC, the incident has been reported to police and the UK's Information Commissioner.
"NCT has suffered a data breach which, regrettably, has caused some users of our website to have their registration details compromised. We stress that no financial or personal details are held as part of this data so no financial or personal details have been accessed. We discovered the breach (on Wednesday), upon which we contacted everyone affected advising them of the breach and suggesting that they change their username and passwords."
Meanwhile, the AP has reported that a laptop and portable hard drives were stolen from the US Office of Child Support Enforcement—which may contain millions of kids' names and social security numbers. The agency oversees child-support programs across the nation.
"This once again underscores the serious risks and larger 'rules gap' issues relating to childrens' safety and their protection—both on the Internet and in data handling practices,” Andrew Komarov, chief intelligence officer at InfoArmor, told Infosecurity. “While this particular kind of data leak may not expose a specific security industry vulnerability, it demonstrates clear, overarching problems in handling of children’s sensitive information."
James Romer, chief security architect at SecureAuth, said via email that the UK incident shows the need to implement multiple identity access methods, such as device recognition, analysis of the physical location of the user, or even by using behavioral biometrics.
“For too long, organizations have relied on passwords as the single form of access control and it is simply not strong enough, nor adequate to protect vital applications and data,” he said. “If organizations haven’t yet learnt this from the many data breaches from the past year, then the news that The National Childbirth Trust has suffered a data breach, compromising email addresses, usernames and passwords should be a hefty reminder that businesses need to stop deploying such a minimal approach to authentication and take note that if they have something valuable, they are at risk from attacks.”
Photo © PHB.cz