Volkswagen learns an expensive lesson on the dangers of ROT

By: Nate Latessa, VP of Corporate Services

Volkswagen and Audi are the latest victims of a data breach that exposed the contact info on 3.3 million customers, including phone numbers, email addresses, mailing addresses, and in some cases VIN numbers. An additional 90,000 customers may have had even more sensitive information exposed that would have been provided during the loan eligibility process such as birth date, social security number, and driver license number.  The data was gathered for sales and marketing purposes between 2014 and 2019 and it was left in an unsecured file on a third-party vendor’s system. 

Data breaches like this are especially frustrating because they are preventable.  This does not appear to be a difficult or especially sophisticated hack.  The attackers merely gained entry to the network and found a treasure-trove of data in an unsecured file.  It’s the physical equivalent of leaving your wallet or purse in the front yard of your house and saying, “It’ll be safe, I have a fence”. 

Understanding what sensitive data you have and where it’s located is arguably the most important component of protecting it.  If you don’t know what data you have or where it’s stored, you can’t adequately protect it.

The bigger problem is that most companies have so much data that it’s tough to sift through the redundant, obsolete, and trivial data (ROT) to find the data that DOES have value.  In the Volkswagen example, this file should have been identified and deleted if it was no longer needed or been stored in a more secure location or encrypted. 

The only way guaranteed way to prevent a data breach is to get rid of data that no longer has business value.  Eliminate ROT to focus your cybersecurity dollars on protecting the data that matters most.

Click here to learn where you fall in the data information journey and the best next steps to protecting your data.

Previous PostNext Post