Google Street View Breach Prompts Revamped Security

Google is beefing up security systems and practices in the wake of a global data breach by its world-renowned Street View cars, which accidentally collected users' personal Wi-Fi data as they rolled by.

Google publicly acknowledged in May that its Street View cars unintentionally swiped some personal user data on unsecured Wi-Fi networks, some of which included entire e-mails, as well as Web site URLs and passwords.

In a blog post Friday, Alan Eustace, Google senior vice president of engineering, apologized for the company's missteps, but reassured users that it had taken pains to enhance its security posture to prevent the mistake again.

"We work hard at Google to earn your trust, and we're acutely aware that we failed badly here," Eustace said. "We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place."

Sponsored post

Going forward, Google's new security posture includes the addition of a new director of privacy Alma Whitten, whose job is dedicated to privacy issues across engineering and product management.

Next: Google Enhances Training/Compliance

The new stance will also incorporate additional employee training on Google's privacy principles, as well as enhanced privacy training for Google's engineers and other critical groups. Employees will also be required to sign the new Code of Conduct that includes beefed up sections on privacy and data protection, as well as undergo a new information security awareness program.

Finally, Eustace said that Google also will continue enhancing its compliance procedures, adding a new process that requires every engineering project leader to maintain a privacy design document for every initiative they're working on.

"We believe these changes will significantly improve our internal practices, (though no system can of course entirely eliminate human error)," Eustace said. "We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users."

Previously, Google executives maintained that the Street View cars had only collected SSIDs that identify WiFi networks and MAC addresses that link to particular hardware. The breach elicited a firestorm of criticism from users and privacy watchdogs, who demanded a more extensive investigation of the information that Google captured.

Eustace said that Google hadn't been fully aware of how much or what kind of information was compromised when the Street View data breach was first brought to light. Since then, external regulators have conducted a more thorough analysis of the data loss, although Eustace emphasized that most of the compromised user data was "fragmentary."