Experts On San Francisco Retirement Program Suffers Data Breach
2020-06-04

It has been reported that the San Francisco Employees’ Retirement System (SFERS) said it suffered a data breach after an unauthorised person gained access to a database hosted in a test environment. In a data breach notification filed yesterday, SFERS stated that one of its vendors had set up a test environment that included a database containing the information for approximately 74,000 SFERS members. While SFERS states that no Social Security Numbers or bank account information were contained in the breach, enough personal information was exposed to be useful to threat actors in attacks. The leaked information for all members includes a member’s name, address, date of birth, and beneficiary information.

EXPERTS COMMENTS
Brian Higgins, Security Specialist, Comparitech.com
June 04, 2020
This incident highlights the vital importance of data ownership and supply chain security. An organisation can have the best information security to ensure that centrally held data is managed and stored safely but the moment that data is shared it becomes vulnerable. Since the sharing of data is fundamental to business practice in the digital economy it should be incumbent upon every business to ....
Javvad Malik, Security Awareness Advocate, KnowBe4
June 04, 2020
Test environments are usually not secured or monitored to the same level as production environments, and it is never advisable to use real data in test cases. Rather, dummy data or heavily redacted data should be used so that even if it is leaked or breached, it does not impact any real customers. Anyone impacted by this breach should keep a close eye on their credit rating, and be wary of unso ....
Michael Borohovski, Director of Software Engineering, Synopsys
June 04, 2020
The breach itself is also interesting from a technical perspective.
A breach like this is interesting, both because it leads to almost guaranteed identity theft (if the information actually was accessed and downloaded), since it’s a treasure trove of financial information, identifying information, and security questions. Security questions, in particular, typically use information that people *feel* is non-public, even if it usually is; wife’s name, where you ....
Jayant Shukla, CTO and Co-Founder, K2 Cyber Security
June 04, 2020
The SF Employees’ Retirement System breach is a good reminder that even applications on test systems need to be secured against threats, whether they are internal (bad actors in the organization and its partners) or external (coming from hackers trying to exploit vulnerabilities). Vulnerabilities, misconfigured servers, and misused credentials are among the top reasons systems get breached. ....

