Cantillon: Security an also-ran as Ubisoft breached
It merited just a few lines at the bottom of a page, and not even that on the major news wires – the latest data breach exposing the supposedly securely held personal details of millions of consumers to hackers.
Maybe, in the wake of the revelations that, via Prism, the US routinely has direct access to the activities of anyone worldwide through the servers of some of the biggest organisations on the web – including Facebook, Apple, Google, Yahoo and Skype – the loss of data from one company’s files hardly seems noteworthy. But it is.
Gaming company Ubisoft is just the latest in a long line of companies reporting that the details entrusted to it by customers – details without which those customers cannot use its service – have fallen into the wrong hands. In an email to users, Ubisoft struck a reassuring note – no financial information had been compromised as payment details are not stored by the company. Just as well. What was compromised were the user names, encrypted passwords and email addresses of up to 58 million users. The situation with phone numbers and physical addresses was unclear. Too late – the company is looking at ways to strengthen its security.
The big concern is that security still seems to be taking a back seat to growth and profit many years after it became clear how determined unscrupulous groups were to access such personal data.
Increasingly that matters. Increasingly, everyday transactions from baking to grocery shopping, entertainment to tax returns, and even health records are stored online.
Ironically, cloud computing – with data kept in central servers rather than locally – is all the rage. Even if additional security is in place, the data store available means the challenge for hackers is more attractive than ever.
In today’s wired world, all of us are obliged to disclose more than we would have traditionally chosen in order to use even the most basic of services. It does not seem unreasonable that those obliging us to provide such details should be expected to place its secure retention at the top of of their agenda. Unfortunately, experience indicates this may not be so.