
The Bank of Philippine Islands and its affair with Data Security

June 29, 2017

June 7, 2017 will be a day that many BPI account holders like myself will remember. Coming into the office, I got wind of major discrepancies in BPI bank accounts. ATMs couldn't be accessed, the online portal was down, and their support numbers couldn't be reached. It was, without a doubt, widespread panic.

 

BPI Customers tweet their frustrations

 

BPI Customers Tweet not accessing their accounts

 

 

BPI released an advisory indicating that it was an internal "glitch."

 

BPI Data Processing Error Announcement

BPI Internal Glitch Announcement

Although an internal system error is by no means ideal, especially when we are talking about financial resources of many people, it did comfort me that it wasn't a hack. I was eagerly waiting for things to be resolved until this post:

BPI IT Security Specialist Job Posting on LinkedIn

This was posted just hours after their advisory and did little to build confidence in the matter at hand. Many of us started realizing that it probably wasn't an internal system error, but most likely a hack.

I couldn't really think of anything else while at work, and googled topics that came to mind.

I came across this post by Judy Leary. Ms. Leary posted the largest data breaches in 2016. Going through the list, I noticed quite a few familiar names from tech companies, educational institutions and even government agencies. One of them struck quite close to home.

Ms. Leary’s article quotes Infosecurity Magazine as saying that the data breach at the Philippines Commission on Elections (COMELEC), which compromised the sensitive information of more than 55 million voters in the Philippines, “could rank as the worst government data breach anywhere.” People searched their names on the internet and found their details exposed, albeit briefly.

Sensitive information like this shouldn’t be poorly protected and subject to widespread exposure.

I decided to read more on the topic of data security. In one post, Srini Vasan gave a good analogy of how data encryption works, akin to a master padlock. An interesting point that he mentioned is that most businesses and banks use 256-bit to 512-bit encryption.

In another post that I read, Dara Kerr mentioned that a 923-bit encryption was broken in approximately 148 days.

If most companies, including businesses and banks, use 256-bit to 512-bit encryption, and yet some time back in 2012 a 923-bit encryption was broken, are we really safe?

According to John DiGiacomo, there were almost 800 security breaches in 2015, exposing more than 170 million personal records, and security breaches jumped by 38% in 2016 from the 2015 figure.

Anyone can get our data and file fake tax returns, take our identity, or forge documents. How safe are we really?

I would like to know your thoughts on this.

 

Kishore Daswani