this post was submitted on 04 Jun 2024
64 points (95.7% liked)
Technology
57455 readers
4582 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
In the EU any bank requires customers to use 2FA. Dutch customs requires critical logistics companies to use 2FA (amongst other stuff).
From what I recall critical companies must address likely methods to breach their security. It is highly likely that a company will get loads of attempts to check. Similarly, a critical company is expected to deal with employees leaving and ensuring their access is revoked.
From skimming they seem to say that there isn't a breach because an account of an ex-employee was used. But that's too easy, the processes sucked. The way they got in is just one of the things that some EU regulation requires critical companies to address. Same for perhaps not forcing customers to use 2FA. That's crazy.
The EU is usually really slow in regulating things. If they got in using a method that the EU said you had to address then it means you had ages of time and nothing was done.
Really unresponsible. Especially as I think they seem be pretty critical part of the economy.
They're claiming that no breach occured on any production systems. If they were really just demo accounts, then skipping the MFA is understandable.