Allegations that sensitive identification data managed by Israel-based AU10TIX could have been accessible outside of verified access are not fully accurate, AU10TIX says.
The suggestion of a possible data exposure comes from a 404 Media report that says online administrative credentials were exposed for more than a year, according to screenshots and data it obtained. AU10TIX, an identity-verification firm, says its review shows it was part of an ongoing campaign that disclosed stolen credentials which led to unauthorized access attempts that many companies are currently experiencing. These stolen credentials could have been used to access sensitive data managed by AU10TIX, but the company found no evidence of it.
“After a detailed security review, we concluded that there was no malicious activity and no data leakage from our system,” AU10TIX says in a statement to Digital Transactions News. “[Eighteen] months ago, credentials were illegally obtained. At that time we immediately removed these credentials from our assets.
“However, when we learned from a security researcher that they were still traceable through our monitoring tool, the credentials were ultimately completely removed. While [personally identifiable information] data was potentially accessible, based on our current findings, we see no evidence that data has been exploited in any way. We eradicated this security risk.”
Specifically, AU10TIX says it disconnected the relevant operational system and replaced it with more secure systems. It also reviewed its security procedures while boosting its security controls for its information technology assets. Other steps included creating an employee group to monitor its network for future activity and reiterating its best practices and standards adherence, the company says.
The incident comes as identity theft remains a concern. While the number of victims of identity misuse, attempted misuse, and ID compromise dropped 16% in 2023 from 2022, that trend may not endure, according to the Identity Theft Resource Center. Online thieves are getting better at impersonating so-called legitimate officials, likely because of the introduction of generative AI technology, the ITRC says.