A data breach at one of its partners exposed the contact details of approximately 800,000 Swisscom customers. The incident highlights how members of your organization’s supply chain can impact your data security.

Breach Incident Details

In a statement recently posted on the Swisscom website, the telecoms giant provided details regarding the data exposure:

  • In autumn of 2017, one or more unknown individuals used the login credentials of a Swisscom sales partner to gain access to customers’ names, addresses, telephone numbers and dates of birth. No sensitive data, such as passwords or payment data, was affected.
  • Swisscom indicated that its sales partners receive limited access to customer information for identification purposes, so that they can advise customers and conclude or amend contracts with them. System access was protected by user logins and passwords.
  • Swisscom discovered the incident during a routine check of operations, and the partner company access was immediately blocked.
  • Prompted by this incident, Swisscom tightened security for this customer information. Swisscom is taking the following actions: implementing tighter controls on partner companies, blocking access when unusual activity is detected, not allowing high-volume queries for all customer information, and introducing two-factor authentication in 2018 for all data access required by sales partners.

Learning from the Swisscom Breach

Here are a few takeaways from this incident:

  • Minimizing the time between incident and notification is a best practice. While Swisscom indicated in its release that “under data protection law this data is classed as ‘non-sensitive’”, the delay between autumn 2017 and early February is substantial. How you respond to a breach has an impact on public perception of the brand.
  • Your organization is only as safe as the organizations within your supply chain. Partners are a type of insider, with access to your sensitive data and systems. You should assess the partner’s approach to security and institute stringent access controls.
  • We’ve written before about the weakness of relying on a username/password combination. Swisscom’s introduction of two-factor authentication in order for partners to access data is a wise step.
  • Consumers must be extra-vigilant after a breach – even if the breached organization cannot confirm loss of sensitive data. Breached data poses a risk for consumers, making them susceptible to email and phone scams that are designed to steal money or obtain information to enable identity theft.
  • Organizations should be actively monitoring to detect and alert on anomalous use of valid credentials and access at suspicious times or from suspicious locations.
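
The monitoring takeaway above, together with the controls Swisscom announced (blocking on unusual activity, no high-volume queries), can be expressed as detection logic over a partner access log. The Python below is an added example, not code from Swisscom or from this article; the log format, account names, thresholds and network baselines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumed policy values; tune them to your own partner baseline.
BUSINESS_HOURS = range(7, 20)   # 07:00-19:59 local time
MAX_RECORDS_PER_HOUR = 3        # distinct customer records per account per hour
KNOWN_NETS = {"partner-a": ["192.0.2.0/24"], "partner-b": ["198.51.100.0/24"]}

# Constructed sample access log: timestamp account source_ip customer_id
SAMPLE_LOG = """\
2017-10-02T09:14:03 partner-a 192.0.2.10 C1001
2017-10-02T09:40:51 partner-a 192.0.2.10 C1002
2017-10-02T10:05:12 partner-b 198.51.100.7 C2001
2017-10-03T02:11:00 partner-b 203.0.113.55 C3001
2017-10-03T02:11:02 partner-b 203.0.113.55 C3002
2017-10-03T02:11:04 partner-b 203.0.113.55 C3003
2017-10-03T02:11:06 partner-b 203.0.113.55 C3004
"""

def parse(log):
    """Yield (timestamp, account, source address, customer id) per log line."""
    for line in log.splitlines():
        ts, account, ip, customer = line.split()
        yield datetime.fromisoformat(ts), account, ipaddress.ip_address(ip), customer

def detect(log):
    """Return a sorted list of (account, reason) alerts for valid-credential misuse."""
    alerts = set()
    per_hour = defaultdict(set)  # (account, hour bucket) -> distinct customer ids
    for ts, account, ip, customer in parse(log):
        if ts.hour not in BUSINESS_HOURS:
            alerts.add((account, "off-hours access"))
        nets = [ipaddress.ip_network(n) for n in KNOWN_NETS.get(account, [])]
        if not any(ip in n for n in nets):
            alerts.add((account, "unknown source network"))
        bucket = (account, ts.replace(minute=0, second=0))
        per_hour[bucket].add(customer)
        if len(per_hour[bucket]) > MAX_RECORDS_PER_HOUR:
            alerts.add((account, "high-volume query"))
    return sorted(alerts)

if __name__ == "__main__":
    for account, reason in detect(SAMPLE_LOG):
        print(f"ALERT {account}: {reason}")
```

Each alert reason maps to one signal named in the list: access time, source location and query volume. In production the alert would feed an automatic block on the partner account rather than a printed line.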
