Personal information about six million Chilean people was posted
online by a hacker.
IT security and control firm Sophos is reminding organizations
around the world about the importance of data security following
news that a hacker in Chile has posted personal details about six
million Chileans online.
According to reports in the
Chilean media, the hacker, known as 'Anonymous Coward' hacked into
government and military servers and stole data including ID card
numbers, addresses, telephone numbers, emails and academic records.
He then posted the information on a Chilean technology blog before
the owners of the site contacted authorities and removed the links.
The Chilean newspaper El Mercurio reported that the hacker had
committed the offence in order 'to demonstrate how poorly protected
data in Chile is'.
"Chile may seem far away to many computer users, but the scale
of this data breach should not be ignored," said Graham Cluley, senior
technology consultant for Sophos. "No matter how moral or ethical
the hacker's motives, this prank was irresponsible and has left
almost 40 percent of Chile's population at risk of identity theft.
Organizations around the world need to take this issue seriously
and defend against these risks. The consequences of falling victim
to such an attack can be much more far reaching than a simple fine,
including irreversible damage to your reputation and customer
confidence."
Sophos experts note that while the scale of the Chilean breach
was much smaller than the HMRC
debacle last year (details of 25 million UK families were lost
in this instance), the fact that the information was posted online,
however briefly, increases the risks of identity fraud.
"The good news is that it appears in this latest incident bank
account information was not compromised. However, details of names,
addresses, telephone numbers, social and educational information
was taken - and these may provide valuable stepping stones for
hackers who wish to steal identities," explained Cluley. "Although
the data has been removed from the two websites that the hacker
originally used for publication, there is no guarantee that he or
others may not post it elsewhere on the net and make the situation
worse."
Sophos recommends that all businesses ensure that their
computers are properly defended against the threat of hackers and
malware, and are using a consolidated
solution which can control
network access and ensure security patches are in place.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.