Thales Blog

Orange Data Breach: Fool Me Once, Shame On You; Fool Me Twice, Shame On Me

May 16, 2014

According to news reports this week, Europe’s fourth largest telecom operator, Orange, has suffered another data breach. Having been hacked twice in just three months, Orange is expected to come under the microscope for its data security practices and the type of cyber attack defences it has in place.

While the breach was spotted on 18th April, the1.3 million customers affected were only informed this week to give the company time to assess the real nature of the damage. Thankfully, no financial data appears to have been compromised – however, the names, email addresses, mobile and fixed telephone numbers, names of mobile and internet operators, as well as dates of birth of customers was siphoned away into the dark recesses of the web. Understandably, Orange has been quick to advocate that those affected be aware of the risk presented by socially-based attacks like phishing, which thrive on the type of personal information listed above.

Apparently, the hackers were able to gain access to a platform that the operator uses to send promotional emails and text messages. Here, a crucial point to call out it is that this attack happened at the database level, where all this personal information was stored for commercial campaign purposes. Indeed, this is often the place where businesses across the spectrum store their data – making it a prime target of attack.

At Vormetric we know that encrypting sensitive data in databases is no longer an option – but a business security imperative. Once upon a time, organisations were concerned about database performance degradation, invasiveness and management complexity. All these anxieties understandably united to act as a barrier to more widespread adoption. Fortunately, this is no longer the case – transparent, business ready encryption is a reality and here to stay.

Of course, it is worthwhile to point out that Orange is not alone in suffering a breach of this scale. Indeed, company can be found in the likes of major retailers Target and Neiman Marcus whose own data breach incidents – where data at the database level was lifted – remain anchored in the headlines to this day.

With hackers increasingly directing their skills to target data held on storage platforms, it is abundantly clear that data needs a solutions like Vormetric Transparent Encryption to keep it safe.