Personal and Financial Information of Tens of Thousands Indian Citizens Exposed in Data Breach

Media Division | August 9, 2017

Data breaches can come about through a number of different means. It could be an outside attacker aggressively or insidiously infiltrating, or it could be an insider with malicious intent that leaks data to cause detriment. But, there can also be another way, which would be an accidental mishandling of stored data. We have written about this quite a few times now, as it has happened to a multitude of organizations. It could be something as simple as incorrect privacy settings on a database, which can easily lead to extremely sensitive information being exposed to the public and those with malicious intent. In yet another example of this kind of breach, personal and financial data of many Indian citizens was left exposed on the web by Creditseva, a credit services firm.

How the Data Was Exposed

This recent data breach was first spotted by security researchers at Kromtech. According to reports, the sensitive data of about 48,000 citizens was exposed, and it included home addresses, driver’s licenses, pictures, and credit reports. The breach was once again the result of a misconfigured Amazon S3 bucket server, as it was not password protected. It is unclear as to how long the data had actually been exposed, as well as whether Creditseva will be notifying those affected. The type of information that was exposed can be a treasure trove for malicious cyber criminals. If a criminal was to obtain this type of information, they could potentially use it for identity theft or other crimes.

When these types of Amazon servers are left unprotected, they can actually be quite easy to access. All one needs is the address of it, and they will then be able to view and download the stored files. In fact, they would even be able to edit the files right from their browser. These servers are set to private access by default, but some of those in charge will change them to public, sometimes because this allows them to be easily shared internally. But, when choosing to open up a server like this, password protection is one of the most basic security measures that should be immediately implemented. Unfortunately, this does not always get put in place, whether it be due to negligence or carelessness. When any organization is looking to store sensitive data on a web server, adequate security protocols and permissions should be in the forefront of setup. To be so lackadaisical about very simple security measures can place the organization, employees, and customers at risk.

Employing Data Breach Solutions to Handle a Breach

When it comes to an incident like the above, there are numerous remediation actions that must be rapidly performed, otherwise referred to as data breach solutions. An organization must be able to plug the immediate hole, address data left online, increase security, and work with those that were affected. Notification of those affected is one of the most important steps, so hopefully, Creditseva completes this. A data breach can have much further consequence than the immediate data loss, as it can result in reputation and trust damage, as well as potential lawsuits. Negligence has no place in the handling of a data breach, and it could cause an organization to fail under certain circumstances. If an organization finds themselves without adequate resources to complete the above, they should enlist outside assistance to address the incident. In most cases, it is possible to come back from a data breach, but it must be adeptly handled for this to happen. Data breach solutions from Massive Alliance can help organizations to fully address breaches.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.