Newsletter

Cloud Insecurity: Huge data breach shows a fundamental misunderstanding about protecting data stored in a Cloud

Researchers at vpnMentor have discovered an unprotected database on a Microsoft Cloud server that contains the personal information of ~80 million US households, including sensitive information like income and marital status. However, the team who found the information could not determine who owns or operates the insecure database.

 

Large breach of household-level data

The 24 GB database is believed to be one of the largest – if not the largest – breaches of household level data. The fields contain information on each person in the household, including

  • Marital status
  • Income
  • Full name
  • Data of birth
  • Age
  • Gender
  • Latitude and longitude of the physical address
  • Type of structure

Since the data relates to households that have multiple members, the number of individuals impacted could easily run into the hundreds of millions of US residents.

vpnMentor describes the data as a “goldmine” for identity thieves and malicious attackers, especially those hackers who rely on ransomware. “The only way to remove ransomware is by paying a fee – and with access to your income information, attackers know how much they can demand of you,” notes vpnMentor in the blog announcing the discovery.

Conclusions from the McAfee report.

This latest breach reinforces findings from McAfee’s 2018 report on cloud security that found an average of 2,200 security incidents per month are a direct result of misconfigured cloud services according to the 1,400 global IT professionals who participated in the study.

McAfee claims the root cause is often a lack of skilled cloud security team members and a continued reliance on manual processes – mirroring the same issues faced by teams deploying apps on-prem.  But, there is a more basic reason, according to one industry expert.

Goldmine for malicious attackers

“A lot of companies feel they have less responsibility for security once they move to the cloud, and that vendors will be accountable. That’s not the case,” according to Dannie Combs, chief information security officer at Donnelley Financial Solutions Inc., of Chicago in a Wall Street Journal interview.

What do you need for comprehensive protection?

You may also need additional tools and managed solutions to provide the comprehensive cloud data protection you want and your customers expect. While major cloud hosts do make some security tools available, it’s still your responsibility to apply them and monitor their effectiveness.

That’s understandable since many executives have the mistaken impression that once you move to a cloud environment, the burden for application and cloud data protection is built-in to the services you have purchased.

Clearnetwork reduces the burden on overworked and understaffed IT teams. We lower risks and costs so you can focus on protecting your business.

 

 

 

 

Ron Samson

Recent Posts

How to Optimize Your Security Budget: Tips for Understanding SIEM Pricing

As businesses contend with growing cybersecurity threats, finding the appropriate balance between exhaustive security measures…

2 days ago

SIEM Monitoring Services Explained: How They Safeguard Your IT Infrastructure

In today’s digital age, businesses of all sizes face an increasing number of cyber threats.…

5 days ago

What Is SIEM Security Meaning and Why It’s Critical for Your Organization

In the current digital age, organizations face increasingly sophisticated cyber threats. As cyber-attacks grow in…

1 week ago

SIEM Security Software vs Traditional Security Solutions: What’s the Difference?

In the world of cyber security, organizations are continually looking for the most effective way…

2 weeks ago

XDR vs EDR: Which Should You Choose for Comprehensive Threat Protection?

As cyber threats become more sophisticated and frequent, businesses are increasingly looking for solutions that…

2 weeks ago

A Deep Dive into EDR Tools in Cyber Security: Features and Benefits

In the rapidly changing world of cyber security, organizations are faced with increasingly sophisticated threats.…

3 weeks ago