Public sector, universities struggle with access controls
April 1, 2014

High-profile data breaches seem to hit the news with increasing regularity and persistence in the past few months, especially as national and international retailers have experienced some of the most damaging events in history during a relatively short period of time. However, public agencies and higher education organizations also seem to be struggling with access controls and information governance, as several breaches have occurred recently. 

Government officials are responsible for managing a variety of sensitive data types, while schools often have a large volume of personally identifiable information in their storage environments as well. Subsequently, decision-makers in these agencies and organizations must get more proactive and comprehensive in their security planning, or run the risk of falling victim to avoidable and highly damaging privacy issues. 

DMV's 'uh-oh' moment
In what is still a relatively fluid situation, The Los Angeles Times reported that the California Department of Motor Vehicles might have been breached by a significant attack on credit card data. The news provider stated that an investigation is currently underway, but officials from the department do not yet have concrete evidence whether information has been exposed, nor the magnitude of the threat. 

The source cited a comment from the DMV's spokesperson which indicated that the department is working with law enforcement officials and security professionals to get a better handle on the situation. 

"There is no evidence at this time of a direct breach of the DMV's computer system," the DMV stated, according to The Los Angeles Times. "However, out of an abundance of caution and in the interest of protecting the sensitive information of California drivers, the DMV has opened an investigation into any potential security breach in conjunction with state and federal law enforcement."

The news provider also cited the opinions of expert Brian Krebs from Krebs on Security, who believes that as many as 1,000 credit cards might have been compromised by the attack, and that the potentially fraudulent transactions likely occurred between August 2013 and the end of January 2014. 

Considering the wide breadth of services provided by the DMV, this event could have significantly negative consequences for those who used their credit and debit cards. As is the case with any organization that manages transaction data, access controls must be a priority.

Fool me twice…
CBS News recently reported that the University of Maryland has confirmed a breach occurred on its network that led to the exposure of personal information, and that this is the second event to hit the school's systems in less than one month. However, the source noted that the Federal Bureau of Investigation, which assisted in the response to the breach, believes that no significant level of personal information was released. 

Still, this should show how aggressive hackers are when they find vulnerabilities in potentially advantageous networks and systems, especially those that hold sensitive data. With more advanced, multi-factor authentication solutions, these types of problems can often be mitigated.