The Weekly Breach Breakdown Podcast by ITRC - Breaking the Third-Party Wall - S4E31

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for November 3, 2023. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we will discuss data breaches, including third-party breaches that can affect personal information. We will focus on the D.C. Board of Elections (DCBOE) and Okta breaches.

Latest Okta Breach

The recent Okta breach has once again highlighted the need for consumers and companies to be vigilant about their personal data. According to reports on the data compromise, attackers could access files containing cookies and session tokens uploaded by customers to Okta’s support management system using stolen credentials. The Okta breach raises concerns about the security of customer data and how it can be compromised. 

Attackers could use the stolen session tokens and cookies to hijack customer accounts, which is a major cause for concern. The support case management system also stored files used to replicate user or administrator errors to troubleshoot various user-reported issues, making the situation even more problematic. These files contain sensitive data, which malicious actors could use to impersonate users.

D.C. Board of Elections Data Event

In an unrelated but similar breach, the DCBOE reports that a threat actor was able to breach a web server operated by a hosting provider, potentially gaining access to the personal information of all registered voters in D.C. What does this mean for D.C. voters? The entire voter roll that may have been exposed contains a wide range of personally identifiable information (PII), including driver’s license numbers, dates of birth, partial Social Security numbers, and contact information such as phone numbers and email addresses.  

The Rise in Data Breaches

Data breaches are an all-too-common occurrence. The DCBOE and Okta breaches are just the latest in a long line of such incidents. The ITRC has already recorded a record number of data compromises in 2023, with two months remaining in the year. 

Companies & Government Should Safeguard Personal Information

The DCBOE and Okta breaches highlight the need for companies and government agencies to safeguard their customers’ data as thoroughly as possible. The need to protect data isn’t limited to the systems an organization operates but also those used by their vendors that have access to the personal information of their customers. The single largest data breach so far this year involves an attack against an organization that supports thousands of companies worldwide. 

The Importance of Consumers Protecting Their Personal Information

The rise in data breaches in 2023 also underscores the importance of consumers protecting their personal information. While it is impossible to eliminate the risk of a data breach, companies, government agencies and consumers can work together to minimize the impact of these incidents. By organizations investing in robust security measures and consumers taking steps to protect their personal information, we can create a safer and more secure digital environment for all. 

Contact the ITRC

If you want to know more about how to protect your business or personal information or think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. We will return next week with another episode of the Weekly Breach Breakdown.