Cisco Systems, a renowned leader in IT, has admitted that one of its websites has leaked their users’ personal details.
It goes to show that even the big IT companies can find it impossible to keep personal data 100 per cent secure. You could argue that it’s particularly embarrassing for Cisco, as the company reportedly prides itself on its security.
It’s a stark reminder about just how vulnerable our personal data continues to be!
Issue with data protection
Following system maintenance, an independent security researcher discovered that some job applicant’s personal details on the mobile version of Cisco’s Professional Careers website were accessed. There appears to be no one else to blame other than themselves, as they reportedly failed to put the correct security settings on after the system maintenance.
Their investigation uncovered the lax in security from August 2015 to September 2015, and then again in July 2016 to August 2016.
Importance of encrypting data
It transpires that Cisco may also have failed to encrypt the data or hash the passwords. Encrypting data is important as it allows you to securely protect data and it can make it harder for cyber-hackers to access data leaked or hacked. Cyber-security experts say that encryption is something that should be enabled by default, and should not be an “opt-in” feature.
This shows the importance of encrypting data if companies are serious about data protection.
What kind of data was breached?
The exposed data included: names, addresses, email addresses, phone numbers, usernames, passwords, answers to security questions, education, cover letters, CVs, and other voluntary information, such as gender, race, and disability. So, basically, a complete profile of you!
It’s a huge cause for concern when personal data is leaked, as it could allow the unauthorised persons to commit identity fraud with ease, or access other accounts held by you on the assumption that most remain guilty of reusing passwords and information.
While some may argue that bank details have not been leaked, personal information listed above can still be enough to carry out some damage, and may still be seen as a “treasure-trove” for cyber-criminals.
The IT Company says they take data protection and transparency very seriously, which is why they’ve thoroughly investigated the incident, and will be implementing further safeguards to prevent a repeat incident.
There should not have been a reason in the lax in security, especially as Cisco has a Data Loss Prevention scheme which offers ‘comprehensive security solutions for data’. The website also details further information about how the scheme can prevent accidental or malicious data loss, so it is sort of ironic that the IT Company offers such a Data Loss Prevention scheme but is unable to prevent such data loss themselves.
However, Cisco seems to have responded to the data protection issue in a positive manner by notifying the affected individuals, as well as putting additional safeguards in place.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.