News Stay informed about the latest enterprise technology news and product updates.

MTV breach affects 5,000 employees

Employee Social Security numbers and dates of birth were stolen via a laptop Internet connection, according to reports.

Employees at MTV Networks are watching their credit reports more closely after the company acknowledged that the personal information of 5,000 employees was stolen late last week.

Yesterday's teenage hackers have figured out that they could make money doing this stuff and that change in motivation has changed the nature of their attacks.
Ted Julian,
vice president of marketingApplication Security, Inc.

The attack took place via a laptop Internet connection, according to a report in The Wall Street Journal. Viacom Inc., which owns MTV Networks, did not release further details of the attack.

In an email to employees, Viacom said employee names, Social Security numbers and dates of birth had been stolen. Viacom said in a statement that law enforcement had been contacted and a criminal investigation is ongoing.

Companies are under increased pressure to guard against data security breaches. Security experts say it takes a mixture of strict security policies, end-user education and security technologies to help thwart an attack.

Data security breach:
Data breach costs soar: A Ponemon Institute study indicates the costs associated with data breaches have soared and will continue to skyrocket unless companies do more to prevent them in the first place.

Industry group uses awareness month to lobby for data breach laws: The Cyber Security Industry Alliance is shifting from educating businesses to targeting members of Congress in its push for tougher data security and data breach notification laws.

TJX data breach costs could be settled in court appeal: It remains unclear how banks will recoup all the costs associated with reissuing millions of credit cards as a result of the TJX breach.

"This is one of those classic problems where people are so confused and when it happens, they get frozen into inaction," said Prat Moghe, founder and chief technology officer of database security vendor, Tizor Systems Inc. Rather than going into areas where they're weak on protection, they end up spending more and more money in areas they're already protecting."

A study by the Elk Rapids, Mich.-based Ponemon Institute found that the total average cost of a data breach grew to $197 per compromised record.

Companies tend to spend money on expanded use of encryption technologies, according to Ponemon. They also invest in new data loss prevention and identity and access management products; and deploy new technology for endpoint security and perimeter control, and event management.

Once the dust settles after a breach, Moghe recommends looking internally at where sensitive data resides on the company systems and how it is accessed. That would help to find the channel of where the data was lost and in plugging those holes, Moghe said.

Companies should also take an inventory to determine the most valuable data and figure out the security protections that are most appropriate to protect the data, said Ted Julian, vice president of marketing at database security vendor, Application Security, Inc. Julian said he's seen many firms discover databases they didn't even know they had, usually as a result of a merger or acquisition. In some cases, the role of IT is decentralized and many business units are free to create databases or implement the latest technologies.

"Yesterday's teenage hackers have figured out that they could make money doing this stuff and that change in motivation has changed the nature of their attacks," said Julian, who was a founder and chief strategist of Arbor Networks. "They're no longer defacing a website to show they can compromise a server, so yesterday's defenses are becoming meaningless."

More than half of corporate endpoints assessed by antimalware vendor Sophos fail to be secured, said Mike Haro, a senior security consultant at Sophos Inc. In many cases client firewalls have been disabled and antivirus definitions are not up to date, Haro said.

"It's just that enterprises just don't have the right policies in place for managing policy and patch assessment and we see that network access control (NAC) is still not widely deployed," Haro said. "NAC as a solution is still perceived as a complex technology and people are still not exactly sure what issue would be solved with it."

Dig Deeper on Data security breaches

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.