Monsanto’s decision to house customer and employee data on one server is a "simple mistake made all too often", according to the president of security firm FireMon.
Jody Brazil, who is also the chief technology officer at the security company, commended the farming company for its haste in informing the relevant authorities and bringing in forensic experts after its subsidiary Precision Planting was breached, but reproached the firm for not segmenting its data.
He said: "Segmenting a network and distributing sensitive information across different servers on appropriate network sub-segments can and will limit the damage of a data breach – the cybersecurity equivalent of not putting all your eggs in the same basket."
Speaking on behalf of Monsanto, Christy Toedebusch said that fewer than 1,300 farmer customers were affected by a breach discovered on March 27, in which financial information, social security numbers and customer addresses had been compromised.
In a letter to the Attorney General of Maryland, the company said they believed the breach "was not an attempt to steal customer information".
As an apology the chemical and farming firm will offer credit monitoring services to those whose data was compromised, and the firm will revise its security measures.
"While no system can be completely secure, we believe our new security protocols will provide significant protection for customers’ data," Toedebusch said.
Content from our partners
Brazil added that it was easy to criticise companies for bad security practices, but that making such information public would allow others to learn from the mistakes.
"What is clear is that Monsanto has done everything in their power to limit the damage of the data breach by informing relevant government organisations, calling in forensics experts, and contacting the FBI to assist in dealing with the breach," he said.
