
Lawsuits and Data Breaches

February 25, 2014

After the breach of the Target payment systems, a class action lawsuit was filed against the company. The action alleges that Target failed to implement strong enough security. Regardless of the merits of this action, it does bring to light a few things that we, as data professionals, should be aware of.

The first is that if our companies store any PII, financial, medical, or other sensitive data, we need to ensure that our management is aware of potential security pitfalls we see, as well as the possibility for legal action if the data is somehow disclosed. The risk and mitigation actions taken need to be weighed by management, and we should approach this as we might any other upgrade or enhancement to a system: with logic and rational discussion about the issues, providing guidance and potential solutions.

However, we also should be aware that no matter what security efforts we undertake, criminals are going to be finding ways around our defenses. As this piece notes, Target likely had security in place, but it’s never going to be enough because the attack vectors and techniques are outpacing the ability of security techniques to provide protection. The solution, or at least a potential mitigating action, is one that data professionals can help with.

We, and the businesses that employ us, should be incorporating analytics into our defenses to detect abnormal actions by both external and internal users. We should be looking for potential ways that data is disclosed, and perhaps even scanning the Internet for potential leaks of data. We won’t prevent all problems, but if we can detect them early, we can limit the damage.

Steve Jones

The Voice of the DBA Podcast

Listen to the MP3 Audio (2.5MB) podcast or subscribe to the feed at iTunes and Mevio.

The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.


2 Comments
  1. One thing that I have been noticing more and more of is the ever-present need for ensuring proper practice when storing the data within a DB and also on backups via the SAN. Regulations are cracking down and security is a must to be at the forefront which a lot of companies I’ve seen are behind the curve. Really like the post.
