Paris Hilton hack highlights security failure

The recent Paris Hilton incident, when hackers stole addresses and phone numbers from the celebrity's smartphone, highlights a wider failure to secure consumers' personal information, Gartner has warned.

Avivah Litan, vice president and research director at the analyst, said that the hack, which resulted in the contact details of stars including Anna Kournikova being posted onto multiple internet sites, shows that service providers and regulators, including those outside the banking and credit card industries, need to do more to safeguard sensitive customer data.

The warning comes after the security breach on 22 February, when a T-Mobile spokesperson confirmed that someone accessed and stole phone numbers, personal notes and photographs stored on Hilton's Sidekick II smartphone.

According to Gartner, the data was compromised in one of two ways: someone hacked into the server at T-Mobile where the data resided; or someone stole her password either offline or online through phishing or keystroke-logging malware.

"Whatever the method, this incident confirms Gartner's belief that service providers need to take an holistic view of combating fraud and break-ins. They must erect as many walls as possible, using a multi-channel, cross-silo system approach," said Litan.

In order to better safeguard customer information, service providers should encrypt data, implement strict systems that manage access to this data and extend data protection methods used for credit card account information to all sensitive information.

The analyst firm noted that data encryption, network segmentation and data access management processes are all requirements under the Visa and MasterCard payment card industry standard for companies that handle cardholder data, as T-Mobile does.

Gartner also believes that regulators should impose penalties and fines on service providers that do not safeguard sensitive customer data.

"While there are some basic steps that consumers can take to protect their data, such as not sharing passwords, customers should not be held accountable for breaches and hacks beyond their control," said Litan. "The guardians of the data have to take steps to protect consumers and other customers."

See also:

Police called after hackers crack UK PC dealer

Jal Computers hit by email system attack  11 Mar 2005

Celebrity hacker strikes again

First Paris Hilton, now Limp Bizkit  07 Mar 2005

Mobile backup failure puts friendships in peril

A third of mobile users don't keep a separate record of important numbers  22 Feb 2005

Cabir mobile phone virus hits the US

Bluetooth hijacker spreading slowly but surely  21 Feb 2005

Security

The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack.  15 Apr 2004

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!