Unsecured Database Exposed 200 Million on Cloud
An unidentified party’s unsecured database exposed 200 million U.S. citizens’ sensitive data. A CyberNews research team discovered the database which contained 800 gigabytes of unsecured data on a Google Cloud server. The data included among other data, names, dates of birth, credit ratings, addresses, mortgage and tax records and detailed data profile data. The files included information that might have been obtained from the United States Census Bureau. It also a log of calls to a fire department in the United States and a list of 74 bike share stations operated by Lyft. The database was wiped by on March 3, 2020 by an unidentified party.
Cybersecurity is Everybody’s Responsibility
Based on expert analysis, the data may have been the property of a data marketing firm or credit company. The fact that the data ended up on an unsecured database, shows at the very least, a willful ignorance of cybersecurity protocols. While many cloud vulnerabilities are similar to those in found elsewhere, because of potentially limitless access, the associated risks are much higher. Furthermore control of that data’s use by those who have approved access is difficult to supervise.
Cloud Data Configuration
Misconfiguration of cloud based data is the most prevalent vulnerability according to a National Security Agency report. Most Cloud Service Providers (CSP) provide the necessary tools to secure data but often the user will not perform this configuration. This is particularly disturbing because proper configuration is not a task requiring extensive cybersecurity knowledge.
Developing effective cybersecurity is one the greatest challenges facing businesses today. There is no realistic way to truly evaluate the loss or compromise of sensitive and proprietary data. In this story a database exposed 200 million people, but these stories are happening daily. Cybersecurity must be performed by an effective Information Security Management System (ISMS) that is tailored to the requirements of the organization. This system can incorporate tools, people, processes, supply chains, and risk management to protect your most important asset.