Managed File Transfer Technology Ensures Data Security, a Perspective on the LivingSocial Data Breach

Don Miller

Simply put, the managed file transfer process works wonders for ensuring data security. While data security is just one of the core capabilities of a good managed file transfer software solution, it is definitely a major reason why organizations have come to us lately when looking for a managed file transfer solution.

I recently read a report about a cyber attack that is worthy of note from a data security/managed file transfer perspective. LivingSocial, the second largest online daily deal company behind Groupon, announced that it was hit by a cyber attack which potentially compromised sensitive data for more than 50 million of its current and former customers. I say “potentially” because it appears LivingSocial had instituted certain practices which enhance data security.

For example, LivingSocial said the cyber attack resulted in “unauthorized access” to such data as email addresses, dates of birth and passwords. However, LivingSocial also stated that it “encrypts” customer passwords rather than storing them in plaintext, which is a good data security practice. Encryption transforms data from plaintext to make it unreadable to anyone except the person(s) who possess the “key” to unlock or unscramble the data.

Had the breach affected the file system instead of a database, we would tell you that a good managed file transfer solution should allow storage of sensitive data on a readily accessible medium, but with complete security using an in-built, data-at-rest solution, thereby permitting programmatic access to the sensitive data in a real-time environment. We would also tell you that a good managed file transfer solution should have other file storage and retention features, such as being able to limit access to uploaded files, auto-deleting files after a specified retention date, implementing a file compression policy, providing security access logs, etc.

LivingSocial also reported that a “substantial portion” of the company’s database was affected, including customer accounts that had been closed, because LivingSocial retained such information in the database. From a managed file transfer perspective, this is not a good practice. LivingSocial would have been better served had it backed up the old customer data, encrypted it, and stored it offline.

Finally, although not directly related to data security or the managed file transfer process, I found it interesting that LivingSocial’s CEO sent an email to customers in which he advised: “We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s).” Now that is good advice. In fact, we dispensed similar advise previously on this blog.  To reiterate, you should create a different password for every site that you join and make sure each password is difficult or impossible to guess.

bTraders are always happy to discuss data security needs. If you want to learn more about this or any other managed file transfer topic, please contact us at