"What those breaches have in common is they exposed information, including people's personal data, in perhaps unexpected and alarming ways,"DataBreachToday Executive Editor Mathew J. Schwartz says in a year-end audio blog (click player below image to listen). Plus, the organizations storing the information apparently failed to adequately secure it in the first place.
In the blog, Schwartz also:
- Explains how Ashley Madison's marketing suggested that clients' personal information would be secure, even though it wasn't;
- Analyzes the approach VTech took to secure data that raises questions about the security of all of its Internet-tied products aimed at children; and
- Asks what else regulators or legislators should be doing to close the gap between how products are marketed, and how they actually perform, from a security standpoint.
"The big takeaway is ... don't assume anything is secure until proven otherwise," Schwartz says. "Anything that is Internet-connected, don't trust it without guarantees."