ProctorU Breach: Expert Commentary


by Security Experts | informationsecuritybuzz.com

In response to the recent news about ProctorU’s data breach after a threat actor released a stolen database of user records, below are some insightful comments from cybersecurity experts on this topic.

EXPERTS COMMENTS

| August 11, 2020

Saryu Nayyar, CEO, Gurucul

Companies cannot turn a blind eye to their own security gaps.

“This is a case of who’s watching the watchers! The organization charged with watching students to discern bad behavior have themselves suffered from that very fate. Companies cannot turn a blind eye to their own security gaps. In this case, the gaps were dramatic enough to leak an entire database of student data. Time to rethink behavior analytics by monitoring for bad behavior both inside and outside the organization. Myopic security practices suffer from attacker blind spots.”

 

| August 11, 2020

Adam Laub, CMO, STEALTHbits Technologies

Sadly, this breach event looks indistinguishable from virtually any other.

“One of the more interesting fields of information buried in the schema details of the Proctoru.com database is “eu_citizen”. While one can’t say for certain based on the information provided, this field almost undoubtedly exists because of the groundbreaking EU GDPR data privacy regulation, which aims to hold all organizations collecting and storing the information of EU residents accountable for violations of that data’s privacy and security. Sadly, this breach event looks indistinguishable from virtually any other.

However, the element of Data Privacy adds an even more frightening twist to the keepers of this stolen data, as it’s not just reputational damage, breach recovery costs, and the seemingly obligatory free credit monitoring fees for the breach victims that they need to worry about. Harsh fines and even market-restricting measures that prevent violators from doing business with EU entities could be the death knell for many businesses that suffer a breach, especially those that demonstrate an inability to comply with the requirements of regulations like GDPR or California’s CCPA.”

 

| August 11, 2020

Paul Taylor, ESCALATE Mentor, Point3 Security

Personally identifiable customer data needs to be protected against more and more sophisticated attacks.

“This is another example of how exposed our digital lives have become. Personally identifiable customer data needs to be protected against more and more sophisticated attacks. Building a diverse security team that’s trained to handle the ever-shifting vulnerabilities is essential to securing the data your company holds.”

 
