SAN JOSE, Ca. - On Jan. 15, online shoe sales site Zappos notified customers about the breach of their database systems that resulted in the exposure of customer data, which could have been prevented if the data had been encrypted.

Todd Thiemann, Senior Director, Product Marketing at Vormetric, which provides encryption for 15 of the Fortune 25, said companies need to expand the definition of sensitive data beyond credit cards and consider which data that customers entrust to companies should be encrypted. Luckily, credit card information was not compromised.

But the last four digits of customers' credit card numbers and encrypted passwords were stolen. Zappos did not mention whether the encryption keys for the password database had been compromised, but the company advised customers to reset their passwords.

"The one positive you can see from this episode is PCI compliance standards are having a positive effect."

Payment Card Industry (PCI) compliance is a set of security standards that make it more difficult for hackers to break into databases online.

But Thiemann said other critical personal information still needs to be protected. Shipping and billing addresses, customer names and phone numbers are sensitive too. "You need to take into account where it is located and how to protect it."

What companies need to do is encrypt the entire database, not just single columns of information, he said. They also need to monitor the database to understand who is accessing the information, and protect against SQL injection attacks.

"Find out where the data is, secure the data so people who can't see it don't, encryption, and control access and report on that access is the service we provide at Vormetric. We provide encryption for 15 of the Fortune 25."
