Radio Telef_s ireann Data Breach (2013)

RTE has beefed up its internal email security system after hackers broke into the account of a member of staff and attempted to "phish" the accounts of other employees An RTE spokesman confirmed that the broadcaster had now implemented a more secure "alpha-numeric" password system in light of the incident. He confirmed that a hacker was able to break into a staff member's email account last month and use it to launch a series of bogus emails purporting to be from a financial institution to a small number of other employees. "The security of an email account belonging to one RTE staff member was compromised recently. "Spam emails were sent from this account, which led to the account being blocked until the password was reset and the staff member briefed on effective security controls to prevent a similar incident," he said. The compromise is believed to have occurred because the victim's password was not adequately secure. Fortunately, none of the other email accounts were compromised and none of RTE's 1,800 staff fell for the "phishing" scam to try to obtain financial and other confidential information, the spokesman said. "It was a very small and localised incident," he told the Irish Independent. But the incident has prompted the state broadcaster to implement "industry-leading email, internet and anti-virus security solutions to block phishing emails and websites". "As a result of this layered approach to information security, none of the phishing attempts that have been received by staff have been successful," he added. The initial breach resulted in filters on RTE staff email accounts not being able to identify spam emails. Staff were reportedly told in an internal email late last month that this breach "poses a high security risk since most of these emails contain links to compromised websites". Cian Blackwell, an IT risk specialist for Grant Thornton financial consultants, said insecure passwords could potentially lead to huge financial losses as well as the theft of confidential information. 'Staggering' He said the number of people still using simple passwords at work commonly the same ones issued to all staff is "staggering". "A lot of big companies don't re-set passwords," he said. "Often companies will use a single sign-on." The perpetrators may also not be sophisticated fraud artists but often are "low-tech, opportunistic hackers". The incident should serve as a reminder to all email account holders to ensure that their passwords are as secure as possible, he added. "Passwords need to strike a balance between how easy they are to hack into and how easy they are to remember," he added. Irish Independent