On May 24th it was reported that First American Financial Corp had learned of a defect that exposed an estimated 885 million digitized documents from mortgages dating back to 2003 (1).
This exposure put account numbers, bank account numbers, tax statements and records, mortgages, Social Security numbers, driver's license images and wire transaction receipts at risk.
First American Financial Corp learned of a design defect in its production application that made unauthorized access to customer data possible.
The major reason for faults of this kind was the lack of security measures in place to protect private data. Because of that lack, private data was easy to access.
In fact, to quote Shoval (2): “Anyone who knew the URL for a valid document on the website could view other documents just by modifying a single digit in the link.”
This case is a perfect example of exploiting a server for access to customers’ personal information.
In this instance, hackers could easily take advantage of a system whose document links were easy to guess: all it required was changing a single digit in a URL.
This happened for two major reasons, besides the obvious defect in the code.
1. The servers have a single point of failure.
A single point of failure exists when a network or server can be breached or hacked through flaws in the code because everything sits on one server and is not distributed. As a result, the server leads straight to the personal data of the end users, in this case 885 million digitized documents.
2. There wasn’t a second layer of security.
When specific data is accessed, a fundamental security measure is a second layer of security that determines who is trying to access that information.
If First American Financial Corp had had adequate protection of its servers and data, customers’ personal data would never have been exposed or accessible.
So we see that one point of failure in a system should never allow access that leads directly back to customers’ personal data or compromises security.
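The defect quoted above and the missing second layer can be shown side by side. This is an added example, not code from First American or PAI-TECH; the store, identifiers, user names and function names are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str  # account entitled to view this document
    body: str


# Constructed sample records with sequential identifiers.
STORE = {
    1000041: Document(1000041, "alice", "wire receipt (constructed)"),
    1000042: Document(1000042, "bob", "tax statement (constructed)"),
}


class AccessDenied(Exception):
    """Raised when the requester may not view the document."""


def fetch_without_check(doc_id: int) -> str:
    # The defect: a valid identifier alone is treated as permission.
    return STORE[doc_id].body


def fetch_with_check(session_user: Optional[str], doc_id: int) -> str:
    # Second layer: establish who is asking, then authorize per document.
    if session_user is None:
        raise AccessDenied("authentication required")
    doc = STORE.get(doc_id)
    # One error for "missing" and "not yours", so replies do not
    # reveal which identifiers exist.
    if doc is None or doc.owner != session_user:
        raise AccessDenied("not found or not permitted")
    return doc.body


def is_denied(session_user: Optional[str], doc_id: int) -> bool:
    try:
        fetch_with_check(session_user, doc_id)
    except AccessDenied:
        return True
    return False


if __name__ == "__main__":
    # alice changes one digit of her own document's identifier
    print(fetch_without_check(1000042))   # served with no check
    print(is_denied("alice", 1000042))    # refused by the per-document check
```

The check is made on every request and against the specific document, so a guessable identifier no longer grants anything on its own.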
Security in the cyber world has become complex and personal data is more vulnerable. Leaving information unprotected is the equivalent of leaving a gun lying around your house for anybody to use. It is essential to take maximum precautions to avoid any unnecessary incidents. The same applies to the security and safeguarding of personal data and information.
While cybersecurity is still in its developing phases, it has become significantly important. The number of people who use technological systems is increasing from year to year and with it, the demand for safe networks and servers.
PAI-TECH, a technology company that provides a Bot Operating System Standard, offers a workforce of intelligent bots that would be able to prevent such a hack/breach.
When incorporating PAI-TECH’s Bot Operating System Standard, a personal bot (an automated program on a network that can interact with computer systems or users) is installed onto your servers, and this safeguards both your servers and personal data.
This bot can be controlled remotely. Furthermore, this is an operating system and you have 24/7 access from any location and a double security measure in place.
The PAI Bots are distributed, which is a further layer of security. This places PAI-TECH’s operating system in a league of its own, owing to the fact that the bots are not located on a single server but are spread across a network of servers, making it even more difficult to breach. Imagine solving a Rubik's Cube in which parts have been separated and are always changing.
One of PAI-TECH’s major breakthroughs and huge benefits for cybersecurity is a hacker prevention and security system, CMC (countermeasure cloning): if someone tries to access your personal data by way of a breach or hack, for example by changing one digit of the code, the bot would recognize this and move all the personal data from one bot to another. Thus the breacher/hacker would access an empty bot and would be tracked, while the administrator of the initial server would be alerted. This gives the company the assurance of maximum cybersecurity.
In the current environment in which we operate, the 4th industrial revolution (4IR), it is essential for companies to examine their current cybersecurity systems and take the necessary measures to protect their data and avoid leakages which could lead to huge legal implications and class action lawsuits.
PAI-TECH’s technology tackles these specific challenges to ensure a more secure, safer and smarter world.
PAI-TECH, think safe, think smart.