The Portswigger Data Breach

Oct 6, 2021

How Multi-Factor Authentication (MFA) could have prevented the potential exposure of 47,000 social security numbers

Data breaches are possibly one of the most feared things that can happen to any organization, entity, or public facility. Depending on the type of data involved, the consequences of such a breach can include the destruction or corruption of databases, the leaking of confidential information, the theft of intellectual property, and the inevitable regulatory requirements to notify and possibly compensate those affected.  Not to mention the bad press.

As such, nobody wants a data breach. But they still happen.

This summer, a New York university experienced a significant data breach. One that could have potentially exposed the personal information of nearly 47,000 individuals, leaving thousands of social security numbers wide open to exposure.  Yikes!

So, what happened?

The Research Foundation for the State University of New York (SUNY) announced it had detected unauthorized access to its networks.  A total of more than 46,700 individuals were said to be impacted by the breach, although it was not announced whether the people affected were employees, donors, or others who might be linked to the organizations.

In light of the attack, the Maine Attorney General hosted on its website a special security advisory (PDF) with more details about the incident.

Here’s what transpired:

  • The Discovery: Unusual network activity was noted that caused certain systems in their network to become unavailable.

  • The Investigation: The university immediately began an inquiry, employing a cybersecurity firm to take urgent measures to address the incident and to restore the systems.

  • The Notification: The university notified law enforcement.

  • The Conclusion: The investigation uncovered that there was unauthorized activity in the Research Foundation’s network between May 22, 2021, and July 9, 2021.

  • The Damage: During the time of the attack, an unauthorized party obtained files stored on Research Foundation’s file servers.

  • The Cost: The organization pledged to provide eligible individuals complimentary, one-year credit monitoring and identity theft protection services.

  • The PR: The university announced that to help prevent something like this from happening again, their Research Foundation would take immediate steps to further enhance the security of its network.

  • The Security Measures: The steps taken included the implementation of multi-factor authentication (MFA) and the deployment of an endpoint detection and response tool throughout its network.

Considering that the university went through all of the above (the hack, the fear of exposure of thousands of social security numbers, the hiring of a security team, the notification, the press) simply to deploy MFA at the end, it makes you wonder: why didn’t they have all of this in place in the first place?

The main reason is that many organizations do not employ MFA because integrating it into existing applications and services is complex, especially for non-web and thick/fat applications, which are not naturally compatible with MFA.

ZoneZero, a Zero Trust Network Access (ZTNA) and MFA solution, changes all that.

ZoneZero is a ZTNA solution designed to enable organizations to easily integrate and deploy a centralized MFA solution (Synchronic MFA, Push messaging, Biometric, instant messaging, REST API) and identity awareness for all corporate/public entity applications, both web and non-web.

 Due to its unique parameters, with ZoneZero, organizations reap all the benefits of ZTNA and MFA with zero disruption to existing infrastructures and no loss of initial investment.

ZoneZero provides identity-based segmentation and MFA for any and every internal application for secure access control, non-web protocols and legacy infrastructure. That means that organizations can easily integrate MFA and continuous identity verification for all applications.

With ZoneZero MFA, every request from any user/application to every application invokes an MFA action. For example, once a push notification is sent to the accessing user or IT administrator for an access attempt, ZoneZero prevents access to the resource, until the MFA responds. With its centralized approach, seamless integration, and rapid deployment, ZoneZero MFA eliminates identity takeover fraud while delivering a seamless experience.

 

In summary

Had the New York university had MFA in place, 47,000 social security numbers would not have been at risk of exposure and we… would not be writing this blog 😊.

To find out how ZoneZero MFA can help secure your university or organization from potential data breaches, quickly and easily and with a fast return on investment, contact [email protected]

 

 

Dafna Lipowicz

VP of Human Resources

In her role, Dafna leads all HR activities at Safe-T, including: partnering with management team to advance and support the company vision and strategy, developing strategic HR plans and policies (training, compensation and benefits, etc.), organizational and managers development, recruitment and welfare. Dafna brings to Safe-T more than 17 years of experience in various HR managerial roles, in global and complex organizations as well as in growing start-ups (such as SanDisk, Logic Industries and Mantis Vision), specializing in establishing and leading HR departments, initiating and building organizational development, according to company strategy, management consultant, talent management and recruitment. Dafna holds both an LLB and an MA in Labor Studies from Tel Aviv University. She is also a certified mediator and group facilitator.
