Hackers wanted their MTV recordsBy Larry Walsh | Posted Monday, March 10, 2008 16:03 PM
More than 5,000 employees of MTV, a division of media giant Viacom, are monitoring their credit reports after being notified that a security breach compromised filed that contained their names, Social Security numbers and compensation information.
In an internal e-mail to employees, MTV explained that the files were stored on a laptop that was breached via the Internet. Exactly how the laptop was compromised was not disclosed.
What's extraordinary is the admission by a high profile corporation that its security is imperfect.
"We have policies and processes designed to ensure the security of employee data and these are subject to ongoing internal and external review. We provide a sound security framework that includes data leak prevention as well as anomaly and intrusion detection technologies. Unfortunately, no system is impenetrable," wrote Catherine Houser, MTV's executive vice president of human resources.
No security pro worth his salt would ever report that his/her security is bulletproof. In fact, most will tell you that the true intent of a good security program is to mitigate risk, not eliminate it. Too often, companies that experience a security breach will spend days or weeks trying to examine what went wrong and assign blame. Look no further than the Department of Defense, which took six months to report the full extend of a security breach that resulted in the leak of tens of thousands of sensitive documents.
Sure, the MTV breach isn't on the same scale as national security. MTV should be lauded for not only admitted the breach immediately, but is extending support to its affected employees by paying for credit monitoring and guidance on detecting anomalous behavior on their credit reports.
If only more enterprises acted with the same rational thinking and expediency as MTV.