October 31, 2022
Cybersecurity: Media Giant Exposed 3TB+ of Sensitive Data
International Media company, Thomson Reuters, left its three databases open which exposed 3TB of sensitive data including plaintext passwords to third-party servers, according to research from cybernews.
The research revealed that the open database size implies that it was one that allows the use of Elasticsearch. The Cybernews team believes that the exposed data, "would be worth millions of dollars on underground criminal forums because of the potential access it could give to other systems".
According to the researchers, they contacted Thomson Reuters when they discovered the leaking database. The media company took down the open instance immediately.
Compliance: FTC Penalized Drizly and CEO Over a Data Breach
On Monday, a press release from Federal Trade Commission revealed that they are settling a case that will bring individual sanctions against the online platform Drizly and its CEO for a data breach. The incident occurred in July 2020, when the personal information of its 2.5 million consumers was exposed.
The FTC alleges that:
Drizly broke the law by not following their commitment to improving their security after the 2018 incident.
Drizly’s CEO broke the law when he took shortcuts in the company’s security.
The proposed order will enforce CEO James Cory Rellas to implement a security program at any company he leads that collects consumer information from more than 25,000 individuals. While Drizly needs to:
Delete all unnecessary data which will be reported to FTC.
Collection of data should be limited to only what is necessary.
Implement an information security program.
Obtain third-party biennial security assessments.
InfiniGlobe helps legal departments maximize their technology investments with simple and useful technology. Discuss us your goals or suggestions, email us at info@infiniglobe.com or call us (833) LGL-TECH.
Comments