Another day, another breach. This morning while sipping on my coffee I read about a security breach that the Metropolitan Companies Inc. suffered recently. The MetropolitanCompanies is a conglomerate of companies that provide services ranging from temporary worker placement to interpreter and translation services.
On April 21, 2014 they detected a breach of their systems by a third party. It appears that this third party, whomever they may be, snuck in through a backdoor and removed documents from the system. Once the company detected the breach they disabled access to the system and called in a forensics team to ascertain the extent of the breach.
After some poking and prodding it was determined that the intruders had access to personally identifiable information such as name, address, phone, email, SSN, date of birth and so on, and so on. Basically enough data for an identity thief’s wet dream. No indication was given as to the duration of the breach beyond the date of discovery.
So, what are Metropolitan doing about the situation? They’re sending out letters to affected customers and offering one year of free credit reporting. An interesting caveat is that they’re only providing monitoring for people over the age of 18 who have a Social Security Number and an address in the US. I’m figuring that they have no affected customers/clients outside of the United States.
So, what else is taking place?
We want to assure you that we have taken extensive measures to strengthen our IT security and prevent this type of event from happening again. This includes increasing firewall protections, enhancing threat detection and monitoring capabilities, and improving other data security measures.
"Increasing firewall protections” sounds like there was an oops in their firewall configuration. Not to beat on them in this case but, more to point out that configuration errors such as firewall rules that are “any-any” show up far too often when a firewall admin is under the gun by a project that has “C-suite visibility” or simply just doesn’t care.
When is the last time you conducted an audit of your firewall rule base?
(Image used under CC from CJS*64)