I have a great joke for you...stop me if you have heard it before:
A guy walks into a bar…he tells his friend, I have a legacy data system, should I protect it? His friend says nahhhh…. our data is not in there! Hahaha!!! We will just give the people who had their data stolen a year’s worth of credit monitoring and ID protection service. That’s what Uber did, and it worked out ok for them.
Ok, it is not that funny. Then again, neither is losing personal data.
Orbitz recently disclosed a security breach that may have exposed the personal data of 880,000 of its customers.
The Expedia-owned travel website operator said the breach affected an older website (which makes it ok) and the platform of an unnamed business partner.
Do they really know what happened?
Well…the bad guys “may” have accessed information, and they may have even “likely accessed” information, but there is no direct evidence saying that they did. Everyone feel better now?
What information was stolen?
The information attackers “likely accessed” included people’s names, dates of birth, email addresses, street addresses, and genders, Orbitz said. Whew. Good thing that there was nothing important in there!
However, Orbitz noted that there's no direct evidence from its investigation, so far at least, that any of the data was stolen. If you can’t prove it, then did it happen??
What information wasn’t stolen?
The breach, which took place between October and December 2017, did not involve any Social Security numbers, travel itineraries or passports. Happy days!! It was only every other bit of personally identifiable information!!!
The data breach incident, which was detected in early 2018, took place somewhere between October 2016 and December 2017. Why, you might ask? Great question! Most big tech companies have a string of legacy systems, often built with minimal security. “The people who wrote those systems have long since left the company, making these poorly-monitored systems a liability.”
Hey….raise your hand if you have been to an Exate Tech pitch. C’mon. Get those hands up. Right…does this sound familiar?
What is Orbitz going to do about this?
Orbitz is currently working to notify the thousands of affected customers and plans to offer one year of free credit monitoring and identity protection service. So original! (as per Uber)…
What could Orbitz have done?
Orbitz (and any other firm) could have hired Exate Technology. Exate separates application security from data security.
YAWN. I know…it is less than sexy.
But it is better than the alternative!