Payroll data is one of the most valuable secrets a company controls every single day. Most companies keep personal details and bank account information of their employees in a centralized database. Sage, a UK accountancy software group, was recently breached, resulting in the theft of sensitive data. A total of 300 companies are thought to have been affected as a result.
Users of the Sage accountancy software were notified of a potential data breach on August 11, 2016. While it was uncertain whether specific information had been leaked at that time, the company sent out a generic email to its users. In this day and age of internet criminality, data breaches are becoming the norm rather than the exception.
There are plenty of troubling signs about this data breach that need to be taken into account. First of all, Sage support engineers were unaware of what information was affected as of August 13th. Within two days of a potential data breach, one would expect the affected company to have a basic idea of what has happened.
But there is more, as this data breach was carried out by a Sage employee. Insider threats are very real, although few companies pay heed to this potential attack vector. While Sage – hopefully – takes precautions by screening staffers, they were unable to prevent this data breach. For an accountancy software provider, this is very bad PR, to say the least.
For now, it remains unknown which type of information was leaked during the data breach. Sage controls sensitive information, such as employee addresses, dates of birth, bank account details, and salary information. When criminals obtain this information, all of the affected victims become prone to future phishing and identity fraud attacks.
Although Sage claims only a “small number of UK customers” have been affected, 300 companies’ payroll information is at stake. We can only hope the company will do everything they can to ensure proper safeguards are put in place for the future. Then again, all of this sensitive information is now in the wild, and it may be sold on the deep web in exchange for Bitcoin soon.
Preventing Payroll Data Breaches With Bitcoin and Blockchain
Centralized database solutions, such as the ones used by Sage and other payroll companies, are a critical point of failure. Hackers only need to target one server to gain access to all of this information. Had the company invested in distributed and decentralized solutions, such as blockchain technology, this data breach would not have occurred.
Another approach would be to not store such sensitive employee information in a centralized database. Bank accounts and dates of birth can be exploited to commit identity fraud for every single employee affected by this data breach. By using different payment solutions, such as Bitcoin, companies can prevent third-party service providers from spilling sensitive data if they were to get hacked.
Security experts have praised blockchain technology as a potential solution to data breaches for companies such as Sage. As Anders Brownworth, principal engineer at Circle, expressed at a recent MIT Sloan CIO Symposium:
“We’re not hanging our hat on a governmental agency or a certain group of people; we’re hanging our hat on the full faith and credit of math, of cryptography. That works for me a lot better than a group of people,”