BreachExchange mailing list archives
Dow Jones cloud server borkage sees personal details of '4 million customers' leaked
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 18 Jul 2017 17:31:17 -0600
https://www.theinquirer.net/inquirer/news/3013999/dow-jones-has-potentially-leaked-the-personal-details-of-2

A security company called UpGuard has exposed a problem with a Dow Jones server that partially exposed the details of as many as 4 million people.

This is bad news for Dow Jones and its punters. UpGuard suggests that there was some oversight in the setting up of the weak point, which could have been avoided. If it had been avoided, a lot of people might be the sole owners of their own email addresses and some of their credit card details unmolested.

"The UpGuard Cyber Risk Team can now report that a cloud-based file repository owned by financial publishing firm Dow Jones & Company, that had been configured to allow semi-public access exposed the sensitive personal and financial details of millions of the company's customers," said the firm.

"While Dow Jones has confirmed that at least 2.2 million customers were affected, UpGuard calculations put the number closer to 4 million accounts," said UpGuard, adding that this is just the tip of the breach iceberg.

The exposed data includes the names, addresses, account information, email addresses, and last four digits of credit card numbers of millions of subscribers to Dow Jones publications like The Wall Street Journal and Barron's.

"Also exposed in the cloud leak were the details of 1.6 million entries in a suite of databases known as Dow Jones Risk and Compliance, a set of subscription-only corporate intelligence programs used largely by financial institutions for compliance with anti-money laundering regulations," the security firm added.

Other security companies have cottoned on to what is happening and have naturally thrown their tin foil propeller hats into the comment ring.

Christiaan Beek, lead scientist and principal engineer at McAfee, seemed to sympathise by saying that firms face a lot of threats, but wound up blaming human error and software.

"Companies today are battling an increasingly varied threat landscape while managing huge amounts of data. It can be a challenge to keep close track of where this data resides to ensure it is secure - and in this case, one small error in the cloud resulted in a large scale exposure," he said.

"The reality is that as companies become more focused on preventing cyber crime, they may be unconsciously shooting themselves in the foot in their efforts to be completely secure. It is not unusual for businesses to have over 10 security tools that require constant monitoring in order to ensure everything is correct - meaning that unfortunately, human error becomes a key factor in monitoring and safeguarding data."

We have asked Dow Jones to explain itself.