Skip to content

Portswigger 數據洩露

How Multi-Factor Authentication (MFA) could have prevented the

potential exposure of 47,000 social security numbers

Data breaches are possibly one of the most feared things that can happen to any organization, entity, or public facility. Depending on the type of data involved, the consequences of such a breach can include the destruction or corruption of databases, the leaking of confidential information, the theft of intellectual property, and the inevitable regulatory requirements to notify and possibly compensate those affected.  Not to mention the bad press.

As such, nobody wants a data breach. But they still happen.

This summer, a New York university experienced a significant data breach. One that could have potentially exposed the personal information of nearly 47,000 individuals, leaving thousands of social security numbers wide open to exposure.  Yikes!

So, what happened?

The Research Foundation for the State University of New York (SUNY) announced it had detected unauthorized access to its networks.  A total of more than 46,700 individuals were said to be impacted by the breach, although it was not announced whether the people affected were employees, donors, or others who might be linked to the organizations.

In light of the attack, the Maine Attorney General hosted on its website a special security advisory (PDF) with more details about the incident.

Here’s what transpired:

  • The Discovery: Unusual network activity was noted that caused certain systems in their network to become unavailable.
  • The Investigation: The university immediately began an inquiry, employing a cybersecurity firm to take urgent measures to address the incident and to restore the systems.
  • The Notification: The university notified law enforcement.
  • The Conclusion: The investigation uncovered that there was unauthorized activity in the Research Foundation’s network between May 22, 2021, and July 9, 2021.
  • The Damage: During the time of the attack, an unauthorized party obtained files stored on Research Foundation’s file servers.
  • The Cost: The organization pledged to provide eligible individuals complimentary, one-year credit monitoring and identity theft protection services.
  • The PR: The university announced that to help prevent something like this from happening again, their Research Foundation would take immediate steps to further enhance the security of its network.
  • The Security Measures: The steps taken included the implementation of multi-factor authentication (MFA) and the deployment of an endpoint detection and response tool throughout its network.

Considering that the university went through all the above; the hack, the fear of exposure of thousands of social security numbers, the hiring of a security team, the notification, the press, simply to deploy MFA at the end, makes you wonder: why they didn’t have all of this in place in the first place?

The main reason for this is because many organizations do not employ MFA because integrating it into existing applications and services is complex, especially for non-web and thick/fat applications, which are not naturally compatible with MFA.

ZoneZero@ a Zero Trust Network Access (ZTNA) and MFA solution change all that.

is a ZTNA solution designed to enable organizations to easily integrate and deploy a centralized MFA solution (Synchronic MFA, Push messaging, Biometric, instant messaging, REST API) and identity awareness for all corporate/public entity applications, both web, and non-web.

Due to its unique parameters, with ZoneZero, organizations reap all the benefits of ZTNA and MFA with zero disruption to existing infrastructures and no loss of initial investment.

ZoneZero provides identity-based segmentation and MFA for any and every internal application for secure access control, non-web protocols and legacy infrastructure. That means that organizations can easily integrate MFA and continuous identity verification for all applications.

With ZoneZero MFA, every request from any user/application to every application invokes an MFA action. For example, once a push notification is sent to the accessing user or IT administrator for an access attempt, ZoneZero prevents access to the resource, until the MFA responds. With its centralized approach, seamless integration, and rapid deployment, ZoneZero MFA eliminates identity takeover fraud while delivering a seamless experience.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Safe-T® Group Ltd.
Safe-T Group Ltd. (Nasdaq, TASE: SFET) is a provider of Zero Trust Access solutions which mitigate attacks on enterprises’ business-critical services and sensitive data, while ensuring uninterrupted business continuity. Safe-T’s cloud and on-premises solutions ensure that an organization’s access use cases, whether into the organization or from the organization out to the internet, are secured according to the “validate first, access later” philosophy of Zero Trust. This means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network or in the cloud.

Safe-T’s wide range of access solutions reduce organizations’ attack surface and improve their ability to defend against modern cyberthreats. As an additional layer of security, our integrated business-grade global proxy solution cloud service enables smooth and efficient traffic flow, interruption-free service, unlimited concurrent connections, instant scaling and simple integration with our services.

With Safe-T’s patented reverse-access technology and proprietary routing technology, organizations of all size and type can secure their data, services and networks against internal and external threats.