Paris Hilton hack highlights security failure

The recent Paris Hilton incident, when hackers stole addresses and phone numbers from the celebrity's smartphone, highlights a wider failure to secure consumers' personal information, Gartner has warned.

Avivah Litan, vice president and research director at the analyst, said that the hack, which resulted in the contact details of stars including Anna Kournikova being posted onto multiple internet sites, shows that service providers and regulators, including those outside the banking and credit card industries, need to do more to safeguard sensitive customer data.

The warning comes after the security breach on 22 February, when a T-Mobile spokesperson confirmed that someone accessed and stole phone numbers, personal notes and photographs stored on Hilton's Sidekick II smartphone.

According to Gartner, the data was compromised in one of two ways: someone hacked into the server at T-Mobile where the data resided; or someone stole her password either offline or online through phishing or keystroke-logging malware.

"Whatever the method, this incident confirms Gartner's belief that service providers need to take an holistic view of combating fraud and break-ins. They must erect as many walls as possible, using a multi-channel, cross-silo system approach," said Litan.

In order to better safeguard customer information, service providers should encrypt data, implement strict systems that manage access to this data and extend data protection methods used for credit card account information to all sensitive information.

The analyst firm noted that data encryption, network segmentation and data access management processes are all requirements under the Visa and MasterCard payment card industry standard for companies that handle cardholder data, as T-Mobile does.

Gartner also believes that regulators should impose penalties and fines on service providers that do not safeguard sensitive customer data.

"While there are some basic steps that consumers can take to protect their data, such as not sharing passwords, customers should not be held accountable for breaches and hacks beyond their control," said Litan. "The guardians of the data have to take steps to protect consumers and other customers."