The Register reports that iPhone-carrying employees of UK insurance giant Aviva had their devices wiped on May 20 when someone hacked the company’s MobileIron admin server.
An insider has apparently told El Reg that Aviva planned to cancel their contract with MobileIron and would be moving to another service (the source revealed that the company has switched users to a new Blackberry server).
The breach purportedly involved exploiting the now long-known Heartbleed bug, and one expert consulted by The Register opined that a perimeter scan should have detected the vulnerability — leaving us to wonder whether, like many companies, Aviva doesn’t bother to do such scans or has simply failed to retain sufficient staff to check them.
Is this another example of the ignorance and/or complacency of corporate strategists when it comes to system security?
Sure seems like it.
Fortunately, the financial press do not seem to have heard this bit of news (their news aggregators seem not to subscribe to El Reg’s feed — or if they heard, didn’t grok it), and so the stock portfolios of Aviva’s leadership are probably safe. For now.