In recent hours it has become public that Switzerland’s biggest telecommunications provider suffered a breach exposing the data of 800,000 customers: Swisscom suffered a massive breach revealing 800,000 names, birthdates, telephone numbers, addresses and other sensitive data that is now available for nefarious purposes.

The interesting part of this story is that it was not an elaborate hack; instead, the criminals abused a poorly handled partnership.

The third party did not sufficiently protect the access data, so any individual could have had free access to that sensitive information. They announced that information related to passwords, conversations or billing was not stolen (sigh).

This is not the first time that the telecom company has been affected by this kind of abuse or by neglected partnerships. In 2013 many physical records were stolen. In fact, they should have destroyed them according to retention policies and regulations, but since they didn’t do it, the records ended up in the wrong hands.

My information security reflections:

Partnership Management

Operations can be shared, but responsibility and liability remain with us. That is why it is important to take care of the data and carry out periodic audits to ensure that the minimal protection mechanisms are in place and working as expected.

Retention Policies

Regarding the 2013 incident, companies must reduce their attack surface and destroy information they no longer need or require, either because of business needs or compliance.