Another company charged with managing and safeguarding client data, Attunity, left client data files exposed on the internet, according to a June 27 report from UpGuard. The incident has reportedly impacted clients, including Ford and the TD Bank, whose customer information was publicly accessible.
Researchers disclosed that three Amazon S3 buckets used by the data management company have now been secured. “Of those, one contained a large collection of internal business documents. The total size is uncertain, but the researcher downloaded a sample of about a terabyte in size, including 750 gigabytes of compressed email backups. Backups of employees’ OneDrive accounts were also present and spanned the wide range of information that employees need to perform their jobs: email correspondence, system passwords, sales and marketing contact information, project specifications, and more,” researchers wrote.
This news comes on the heels of reports that Attunity had left a terabyte of data from Amazon Web Services exposed only a month ago. “In order to prevent putting yourself or your valued customers in a similar situation and making headlines for all the wrong reasons, it's vital that you integrate a comprehensive privileged account management (PAM) program into your security plan,” said Todd Peterson, security evangelist at One Identity.
Despite recommendations that companies change the default admin password on any system and implement a password vault, many organizations continue to have security issues that stem from misconfiguration.
“It’s no wonder that third-party risk has become the most significant cyber issue for organizations around the globe – lax understanding of third parties' security posture and practices is creating a massive weak spot for all organizations across all industries. Simply trusting business partners to do the right thing is irresponsible – companies need to do robust monitoring,” said Jake Olcott, VP at Bitsight.