Beautiful People data breach: Industry reaction

Another day, another large-scale data breach. The victim this time is exclusive dating site Beautiful People, with the personal details of over 1 million members being stolen and leaked online.

In light of this latest example of the cyber security dangers now facing businesses every day, various industry professionals have offered their thoughts and analysis.

Richard Brown, Director EMEA Channels & Alliances at Arbor Networks:

“This hack on Beautiful People is the latest in a long line of data breaches we have seen over the last six months. The fact that hackers were able to access names, addresses and even the income of 1.1m users is testament to the fact that companies need to be doing more as threats evolve.

“In today’s threat landscape it’s essential for any organisation that holds data that maybe valuable to an attacker to have the ability to detect, validate and contain threats quickly. Attackers will make it past perimeter defences, and we should expect this, what we need to do is stop them before they achieve their goals. This isn’t all about technology – although having the right tools helps – people and process are key.”

Rob Norris, Director of Enterprise & Cyber Security EMEIA at Fujitsu:

"This breach coupled with the huge Ashley Madison breach last year suggests that dating sites are still a focus area for criminals. The fact that 1.1m customer details were stolen in December and remained undetected until now highlights this is a continuing issue. The amount of data and confidential information that is transacted every day, coupled with the growth in reliance on digital services, means that every organisation in any industry is at risk. Businesses need to consider the stark reality that a data breach will happen and ensure they have appropriate defences in place, but also are ready for when an incident will occur.

“With consumers battling to understand the effect on their personal information if a company is hacked, there is no room for error. According to research from Fujitsu, only 9 per cent of consumers believe British organisations are doing enough to protect their data. This means that organisations must not only ensure that they are using every possible method to protect customer data – from data encryption to robust firewalls – but they need to truly remain transparent with customers to instil confidence when it comes to data security.”

David Emm, principal security researcher at Kaspersky Lab:

"The impact such exposure can have is not only detrimental to the security of an individual’s personal details, but can also have serious financial implications. Customers that are entrusting private information into the care of a website should be safe in the knowledge it is kept in a secure manner and all companies who handle private data have a duty to ensure it.

"Unfortunately, once a breach of this nature has been made, there is not much that can be done. In this case, customers can change usernames and passwords just to be on the safe side, but ultimately, the damage related to customers’ privacy being compromised is not something that can be easily fixed. Consumers should always read any terms of use and privacy policies very carefully before sharing confidential data with websites.

"Whilst security solutions significantly mitigate the risk of a successful attack, there are also other measures businesses can take in order to provide thorough protection. These measures include running fully updated software, performing regular security audits on the website code and penetration testing the infrastructure.

"It’s crucial that businesses ensure all passwords are protected with proprietary hashing and salting technology. The best way for organisations to combat these types of cyber-attacks is at the beginning; by having an effective cybersecurity strategy in place before the company becomes a target.”

Stephen Love, Security Practise Lead – EMEA, Insight UK:

“The ‘Beautiful People’ dating site security breach is just another reminder of the necessity for every organisation – no matter how large or small – to have a robust security approach to its data management. Unfortunately, data breaches can, and will, affect every kind of organisation; and for this reason, all businesses must focus on reducing the fallout - not just preventing the breach.

"As malicious cyber-attacks are increasing in occurrence, complexity and sophistication, it’s no longer about just building walls and protecting access to the data - it is now about securing the data itself. It is also important to note that data breaches are not always the cause of outsider attacks but can also be the cause of internal threats. Although it is yet unclear as to how the Beautiful People’s data was hacked, it looks like this could be a possible cause.

"One of the most effective methods is encryption. Every organisation should be able to admit; “Yes, our network was hacked and data was stolen. However, your customer information is secure. It has made no difference to the business - reputational or financial - as we have protected ourselves so the data, if it fell into the wrong hands, is useless.

"In today’s age of big data, it is crucial businesses assess exactly what proportion of their data is most valuable and needs closer security attention. That way, every organisation can feel confident that they have the very best defensive measures in place and their data will be rendered useless in the event that it does end up in the wrong hands.”

Rob McConnell, Market Director, N. Ireland at SQS:

“Today’s announcement of the BeautifulPeople.com data breach is more than just a data breach. Following the recent Ashley Madison scandal, this hack has the increasing common hallmark of a lack of holistic software quality management. Adequate customer data security and monitoring control measures should have raised an immediate alert to suspicious and/or unauthorised activity.

“In a world where cyber criminals are getting smarter every day and the penalties for data breaches could destroy a business, it is vital that organisations don’t make life easy for hackers and ensure that software quality assurance no longer takes a backseat. The BeautifulPeople.com data leak is a very stark reminder of the personal and business risks associated with providing and managing customer data, and suggests that the lack of software quality processes within organisations can, and will, affect consumers – something that brands should desperately be avoiding.

“It has always been important to protect personal data, but in light of this and the reality of today’s ever changing digital environment, brands need to fully understand their data models; get to grips with their potentially unstructured, potentially poorly managed data and put processes in place to keep it safe.

"Defining, implementing and rigorously testing their data management procedures will enable institutions to get it right, to live up to their data privacy policies and to avoid catastrophic data breaches in the future.”

Terry Pudwell, Executive Chairman & Co-Founder, Assuria:

"This breach of the BeautifulPeople.com website is yet another in the relentless series of high profile cyber security breaches to make the headlines recently, and they'll keep coming.

Fortunately or unfortunately, depending on how you look at it, I don't have to personally worry about this one! But of much more concern to us in the cyber security defence industry are the countless breaches that are happening every day to our normal business customers, in pretty much every industry and public sector organisation that you can think of.

Those won't make the headlines, but they'll be just as damaging to companies and individuals. We're working hard to try to build our customer's defences against this onslaught!"