Data breaches during a supply chain shortage

Recent years have seen supply chain shortages in the realm of products like mobile devices and automotive vehicles.  Often this has been due to a lack of components like semiconductor chips, which are used in these products and can thus impact things like public transportation.  Not only that, but in the event of such a shortage, the price of older vehicles goes up.  The importance of this chain on consumers’ daily lives shouldn’t be underestimated.

Neither should the necessity of securing sensitive data and protecting customers from cybercrime.  When Europe’s largest semiconductor manufacturer, NXP, gets hacked, it’s an even bigger deal than usual.  Chimera, a Chinese-tied hacker group, is the culprit in this case.  From 2017 to 2020, the group stealthily infiltrated NXP’s network, leveraging previous breaches to gain credentials from Facebook and LinkedIn.  From there, they would launch brute force attacks and even change phone numbers to circumvent two-factor authentication (2FA), before finally deploying their hacking tool known as ChimeRAR and exfiltrating the desired data.

It seems that in the wake of the breach, NXP has tried to downplay its severity, as well as the likelihood of any risk to affected individuals.  Along that line of thought, the company judged it unnecessary to publicly reveal the incident, despite acknowledging the theft of its intellectual property.

It is not yet clear how many customers were impacted, or which regulations NXP may have violated in keeping its silence.  Across the globe, new standards have been enacted that levy harsh penalties on organizations that fail to report data breaches affecting a certain number of people.  From Europe’s GDPR to the myriad state-by-state laws in the US, which stand in place of a unified national standard, government agencies are requiring strict adherence by entities that handle personal data.  Efforts to achieve this compliance (and avoid failure) are not inconsiderable, and impose extra pressure on these firms.

To help ease the burden of data protection and compliance, NetLib Security offers its powerful data encryption platform, Encryptionizer, across physical, virtual, and cloud environments.  Encryptionizer transparently encrypts an organization’s stored data, making it illegible to intruders who break through network perimeter defenses or trick an employee into giving up access credentials.  With no additional programming or impact on performance, Encryptionizer also helps companies meet compliance requirements such as GDPR, HIPAA Omnibus and HITECH, and FIPS 140-2, mitigating official penalties in the event of a security incident.

Request a free evaluation here to see how NetLib Security can help you effortlessly protect your data.


By: Jonathan Weicher, post on November 30, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security