This is really interesting and backs up what I have been saying for years on a number of levels. The attack wasn't technical; the data was stolen by abusing functionality and privileges granted to the attackers. This was also an insider attack. I constantly go on about the insider threat and the fact that having a firewall on the perimeter of an organisation does nothing to protect the data within, as most staff have access to it via applications or directly to the databases. Often the data is not even held in just the database; it's copied many times and replicated outside of the database, which means there are no controls over the data and someone can pick it off easily if they wished. What's more, organisations rely on application security to protect the data whilst the database often has sweeping privileges. When the same users are allowed different access through different applications, they can often see data that was not intended for them to see.
You must know where your data is and who can access it before any attempt to secure that data is made, otherwise you are wasting your time.
Also today I came across another new blog in the data security space, that of Michael Smith, which is called "Database Security" and which I have also added to my Oracle security blogs aggregator.