Spotify has revealed that it is the latest organisation to suffer a security breach. In a statement on its website, the music streaming service claimed that it had ‘become aware of some unauthorised access to our systems and internal company data’.
The company stated that its investigation suggested only one user’s data had been compromised and only Android had the potential to be affected. It is advising all those using its application on the Google platform to update to a newer version of the app in the next few days.
These breaches just keep coming! It really does suggest that many businesses still don’t have the defences in place to deal with escalating threats, or that hackers are simply becoming more creative in getting what they want. Either way, organisations need to up their game.
While this Spotify attack appears to be relatively minor in terms of customer impact, particularly when compared to last week’s eBay furore, it still raises questions about how equipped these companies are to keep our personal information safe.
Spotify’s statement makes no reference to when the compromise was discovered, simply that it acted immediately. Given only one user’s data appears to have been accessed, one has to question whether this announcement is a knee-jerk reaction to the criticism surrounding eBay’s slow disclosure.
Whatever Spotify’s reasoning, it has to be commended for shrugging off the stigma attached and ensuring the breach didn’t reach the catastrophic proportions of others like it. Before the EU initiates 24-hour breach disclosure laws for all sectors, all businesses should be following this lead to proactively reassure customers. We live in a time where the threat of legal or financial ramifications should not be the only motive for keeping data safe.
Of course, businesses also have to be sensible about this and make sure they are confident a breach has taken place, rather than simply announcing it every time something looks a little fishy. In order to do so, however, they require the right systems that provide 360-degree visibility into all data generated within the IT environment.
With this level of traceability, not only can suspicious behaviour be immediately identified, but it can quickly be investigated to ensure any subsequent disclosures are warranted. There is no doubt that it is a fine line, but with the right tools in place and a bit of common sense we’ll at least have a fighting chance.