Gerry Grealish

Subscribe to Gerry Grealish: eMailAlertsEmail Alerts
Get Gerry Grealish via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Web 2.0 Magazine, SaaS Journal, Security Journal, Secure Cloud Computing, CyberSecurity Journal

Blog Post

Living Social’s Data Breach

The Importance of Encrypting or Tokenizing Personally Identifiable Information

Living Social, the popular online discount site, recently experienced a cyber-attack affecting more than 50 million of their customers. Users with a Living Social account received an email explaining the data breach, which included hackers accessing customer user names, email addresses, birth dates and passwords.

In the email to customers, Living Social asked many users to change their password immediately. While the passwords were encrypted, Living Social Chief Executive Tim O'Shaughnessy wrote "We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s)."

Unfortunately, the other compromised personally identifiable information (PII) - user names, emails addresses and birth dates - was not encrypted, putting the personal data of millions of Living Social customers into the hands of cybercriminals. The dollar value associated with PII and the potential to use this information to commit identify theft and other online fraud has made these types of attacks more common. This may appear to be just another in a string of recent incidents where high-profile companies such as Apple and Twitter, those with significant amounts of sensitive customer data, came under attack by hackers. But, Living Social's upfront handling of the attack can serve as a forewarning for other companies holding large amount of customer PII.

These security breaches help demonstrate the importance of organizations taking the extra security step of encrypting all PII collected and held when working with customers. If and when a cyber-attack occurs (which we are seeing is seemingly inevitable for online companies), strongly encrypting or tokenizing all data fields would render all sensitive customer data (not just passwords) useless to hackers. This gives an enterprise and its customers confidence to conduct business online and share information without concerns of security attacks. It also helps protect the company from the liabilities and issues associated with these compromises should they occur.

Read the original blog entry...

PerspecSys Inc. is a leading provider of cloud data security and SaaS security solutions that remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies who rely on cloud compliance by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. Based in Toronto, PerspecSys Inc. is a privately held company backed by investors that include Intel Capital and GrowthWorks.

More Stories By Gerry Grealish

Gerry Grealish is Vice President, Marketing & Products, at PerspecSys. He is responsible for defining and executing PerspecSys’ marketing vision and driving revenue growth through strategic market expansion and new product development. Previously, he ran Product Marketing for the TNS Payments Division, helping create the marketing and product strategy for its cloud-based payment gateway and tokenization/encryption security solutions. He has held senior marketing and leadership roles for venture-backed startups as well as F500 companies, and his industry experience includes enterprise analytical software, payment processing and security services, and marketing and credit risk decisioning platforms.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.