Thursday, July 6, 2006

Payroll Giant Gives Scammer Personal Data of Hundreds of Thousands of Investors

Via ABC News -

The latest corporate data breach is from a company you may never have heard of, even though one in six American workers gets paid by the firm.

Automatic Data Processing, one of the world's largest payroll service companies, confirmed to ABC News that it was swindled by a data thief looking for information on hundreds of thousands of American investors.

According to a company spokeswoman, ADP provided a scammer with personal information of investors who had purchased stock through brokerages that use ADP's investor communications services. Initial reporting indicates that these firms include a number of brand-name brokers, including Fidelity Investments.

A Fidelity spokesman says the data breach compromised 125,000 of the 72 million active accounts at the brokerage.

A spokesperson for banking and financial services group UBS confirms that about 10,000 of its brokerage clients were among those whose data was disclosed.

In a prepared statement, ADP spokeswoman Dorothy Friedman said the data thief exploited a Securities and Exchange Commission rule that allows public companies to get names and addresses of shareholders from brokers, as long as the shareholder has not objected to the disclosure of such information.

The thief impersonated a corporate officer from a public company and got ADP to send the information.




Ahh, social engineering attacks never get old. If I've said it once, I've said it a million times... user security education. These types of attacks are the easiest to conduct and yet also the easiest to prevent. So why does it still happen? Two reasons.

1) People are human after all. Tell them not to look at something and they want to all of a sudden. Tell them not to open any attachment and some will do it "just to see what happens".

2) Many companies don't take security education seriously, or don't want to invest the money into their employees. You pay for a huge Cisco router and you always know where it will be - in the telco room. You put that same amount into an employee and they can quit the next day.
