According to a report by Gartner, from 70% to 99% of all data leaks are not caused by a hacker attack, but rather by user carelessness. In many cases, the ordinary user is a greater threat to his/her data than is a cybercriminal. This was greatly demonstrated by a large data leak from Amazon AWS S3 that happened in March 2018.
The “211LA” (full name “211 Los Angeles”) organization handles support for the elderly, domestic violence and other social issues. It stored the database with its charges on AWS S3. This base had its backup also on AWS. The problem was that the folder with the copy of the database had incorrectly set access permissions and its content was publicly available.
Sensitive data accessible to everyone
200 000 lines of detailed notes were unintentionally made public – including cases of violence against the elderly, child abuse and suicide attempts. The data included full names, phone numbers, addresses and even 33 000 complete Social Security Numbers. In addition, the leaked data concerned e-mail addresses and password abbreviations for the organization’s employees and associates. The passwords were encrypted with MD5.
Conclusions
If you want to store critical data in a cloud, make sure it is secure – and security starts with the basics – access should be very limited.
Source: UpGuard
—
Do you need cybersecurity solutions for your company – contact us.
