At a glance.
- Report shows pandemic increased risk to Telco employee data.
- Third-party breach exposes data of Oklahoma's Department of Human Services clients.
Report shows pandemic increased risk to Telco employee data.
Researchers at Constella Intelligence have announced the release of their Mobile World Congress 2022 Exclusive Report: Telcos & Digital Identity Cyber Risks, in which they analyzed cyberincidents experienced by the top twenty Telco companies on the Fortune Global 500 list between January 2018 and September 2021. Though the focus of Constella’s report is on the exposure of employee data and corporate credentials, the results shed light on the digital vulnerabilities faced by Telcos that could, in turn, lead to the exposure of private customer data. The report demonstrates that the pandemic – and the resultant increase in remote work – has had a major impact on Telco breaches, as more than half of the 5.6 million breaches analyzed over the three years occurred in 2021. 43% of Telco executives have had their corporate credentials exposed, and employees were increasing their risk of exposure by using their credentials on non-business sites such as gaming or social media platforms, and more than two-thirds of the breaches exposed personally identifiable information such as passwords and names.
Third-party breach exposes data of Oklahoma's Department of Human Services clients.
News on 6 reports that a data breach targeting a third-party vendor of the US state of Oklahoma's Department of Human Services (OKDHS) has potentially exposed the data of thousands of individuals with intellectual and developmental disabilities. Liberty of Oklahoma, which handles an Oklahoma Department of Human Services Waitlist Program, says they first detected the intrusion on December 7 when they discovered a fraudulent email account spoofing the account of a Liberty employee. Though the fake account attempted to hijack a payment going to Liberty, the theft was detected before the transaction completed. The impacted account contained an unencrypted spreadsheet containing the personal information of individuals participating in the Oklahoma Waitlist Program, including names, addresses, dates of birth, ages, phone numbers, Social Security numbers, and some Medicaid information. The account in question was quickly disabled, and Liberty Healthcare Technology Solutions is requiring multifactor authentication for all accounts from here on out. That said, some impacted individuals who have just become aware of the incident feel Liberty and OKDHS took too long to nofity them of the breach, and many are hesitant to interact with OKDHS for fear their data might not be safe. OKDHS released a statement encouraging clients to continue to participate in their programs, saying they’re taking precautions to maintain the safety of their client data, and that “the person-centered assessments offered through Liberty are a critical piece to providing navigation services to individuals while they are on the waiting list and helping the agency build a service array that will meet the unique needs of individuals with developmental disabilities and their families for years to come.”