The data leak happened because there were no passwords on the server. This meant that the Paay data was available to anyone who wanted to access it. Each transaction contained the full plaintext credit card number, expiry date and the amount spent.
The repercussions of this breach are beyond the initial exposure, since Paay offers a service as a third-party ‘middleman’ between two banks by providing an additional security layer for the transactions.
According to Anurag Kahol, CTO and co-founder, Bitglass: “Paay’s security lapse demonstrates how misconfigurations continue to be a common culprit behind data leaks. Not only will companies be dealt with fines under global data privacy mandates by failing to properly secure customer data, but these types of incidents will significantly harm customer trust.”
Drawing on new research, Kahol tells Digital Journal: “IBM found that 75 percent of consumers say that they will not do business with companies that they do not trust to protect their data.” This finding underscores the public’s view of the obligation that organizations have to handle data responsibly and protect it from hackers.
It is important for banks of all sizes only rely on vendors and third parties that are suitably compliant and come equipped with the necessary security and certifications to keep customers protected.
Kahol explains: “As organizations continue to store sensitive information in the cloud, adopting proper cloud security measures is critical. Unfortunately, just 34 percent of companies have implemented single sign-on (SSO), an essential cloud security measure.”
Other recommended preventative measures are, according to Kahol: “Organizations that seek to avoid similar cloud security failures, protect customer data, and uphold their brand reputation must have full visibility and control over their data. This can be accomplished by leveraging multi-faceted solutions that enforce real-time access control, detect misconfigurations, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent data leakage.”
The timing of such data breaches are especially significant during the global health pandemic, a factor that has also led to more purchases being made online.
