back to article While Western Union wired customers' money, hackers transferred their personal deets

Western Union has confirmed one of its IT suppliers was hacked, and that customer information was exposed to miscreants. A Register reader, who wished to remain anonymous, showed us a copy of a letter dated January 31 that he received from the money-transfer outfit. The missive admitted that a supposedly secure data storage …

Silver badge

Repeat after me: "It isn't a cloud, it's someone else's computer that you don't control".

15
1
Anonymous Coward

So host it locally, administered by recent graduates paid $24k PA? Or maybe by TCS or Wipro staff paid 1/4 that?

Times have changed, old man, you need to update your opinions. There is zero chance your company can hire security staff as qualified as those who work for Amazon, Microsoft, Oracle, etc.

3
15
Silver badge

So host it locally, administered by recent graduates paid $24k PA? by administrators who know their jobs and their colleagues jobs depend on its security.

A business's data is its life-blood. Guard it accordingly. If that means paying an appropriate salary, pay it.

"Times have changed"

You say that as if it's a good thing. Evidence says not.

13
1
Anonymous Coward

"There is zero chance your company can hire security staff as qualified as those who work for Amazon, Microsoft, Oracle, etc."

Pure fantasy on your part.

4
1
Silver badge
Windows

I'm going to guess here, you've recently graduated from a "How to secure computers" course and are now working for Amazon, Microsoft or Oracle.

You *do* realize that the global monster corporations have a rule, two people with qualifications, in a corner, writing things, and 2,000 people at minimum possible wage to do the work right?

Us "Old Mans"* are the ones that get called in when the airborne fecal matter impacts the rotary aerators for a very good reason.

________________________________________________________________________________

________________________________________________________________________________

*I'll note that one of the best forensic accountants and network flow analysts I've ever met is both old, and at one time was a man but now is no longer. And for that matter, there are Old Woman types I'll defer to as they have the breadth of experience and knowledge to make even my ego look small.

1
0

Before all the hype flowed out of and money flowed into the "cloud" the first axiom of computer security was that whoever had physical control of a computer had control of whatever is on the computer. While paradigms and business models may have changed reality has not.

1
0

This post has been deleted by its author

Silver badge
Pint

"...a year of free identity-fraud protection..."

Thank you for enrolling in our generous offer of a year of free identity-fraud protection. Unfortunately the identity-fraud protection company was using a cloud service provider that had failed to totally lock down their server. So all of your personal identity details have been nicked, again.

By way of further and generous compensation, we would like to wire you some money. Please email us all of your personal and banking details, and please be sure to include "Private Info: ..." in the Subject Line for your protection.

8
0
Anonymous Coward

Leaks-Breaches-Hacks - Cloud-Outsourcing-Clusterfucks

My trust factor hit rock bottom long ago. Now I only buy what I have to (after risk assessment), and only share info, if something is essential and there's absolutely no other way. The overlords in charge have been relying on the Tesla autopilot for way too long. Now all we see are 'car crashes'!

2
0
Anonymous Coward

Blaming 3rd party data storage. Which vendor could it be?

Who cares! That's passing the buck. The buck needs to stop and the lawsuits start (in every country / region), with the entity that deals with customers directly. Only then will we see some financial accountability...

4
0
Silver badge

Re: Blaming 3rd party data storage. Which vendor could it be?

Who cares! That's passing the buck

The old ITIL stchick about outsourcing was that it was a good thing because it outsourced the risks and costs of IT to someone else.

Which completely fails to realise that yes, a proportion of the costs may be outsourced but the risk (to your business) remains with you. Yes, you don't have to go through all the grind of maintaining servers and whatnot yourself (economies of scale) but the risks to your business remain the same.

In fact, the risks are increased because your have now increased the complexity of your IT and multiplied your attack surfaces - all of which increase your risk.

Sure, you have reduced your risk of IT hardware failure, but you have now massively increased your security risks - especially since your business-critical data is now in the hands of a 3rd-party and (unless you have been very, very careful in your contract terms) you have no idea of who now has access to the data.

Outsourcing - hates it we does.

3
0
Silver badge

Re: Blaming 3rd party data storage. Which vendor could it be?

"Sure, you have reduced your risk of IT hardware failure"

You've introduced a new one: the comms between yourself and the provider(s).

3
1

Re: Blaming 3rd party data storage. Which vendor could it be?

Exactly!!!! I'm tired of big corporations always blaming an external partner/supplier/vendor for letting data they collected/stole/harvested get hacked. If you let some external entity access the data it should be your responsibility to make sure that access is secure. The only way to bring businesses to heel is to make it financially painful for them not to.

0
0
Anonymous Coward

Western Union

As a brand, I simply see them as shop-fronts for scammer activity.

3
0
Anonymous Coward

Re: Western Union

I see them as a lobbying company that gets in the way of cheap international money transfer.

0
0

I'm always surprised when people suddenly realise a cloud is just a data centre. Zettagrid switched off their UPS and took out the 'cloud' in Australia the other night. I got about 100 support calls (after the support helpdesk came back - it was hosted in the 'cloud') where I had to explain that a cloud is just a bunch of VMs... sitting on physical hardware.

0
0

"We promptly moved our external secure storage to a different vendor's system."

I hope they bothered to check the new vendor out, assured themselves that they could provide an actually secure system (rather than what they already had which, presumably, was sold as "external secure storage"), and set the new system up correctly so that it actually is secure this time. Otherwise they've just moved the same data to a different target and they'll be recylcing this press release in a few months and promptly moving their external insecure storage again.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018