What Government Data Breaches Teach Us About Access Control

When a government agency confirms a breach only after a hacker begins advertising the stolen data for sale, the story is rarely about a zero-day exploit. It is almost always about the slow accumulation of small, preventable decisions — a misconfigured endpoint here, an over-privileged service account there — that an attacker eventually stitches together into a working path to sensitive records. The recently confirmed breach of a French government agency, with data now reportedly offered on under