Security researchers uncover data breach at credit services firm which left thousands exposed with sensitive information available to view on the web.
Another week, another data breach. One of India’s leading credit services firms, Creditseva, has been hit by a data breach which has reportedly affected around 48,000 Indian citizens.
Personal and financial data which included driver’s licenses, home addresses, credit reports and more were said to have been exposed in an insecure Amazon Web Service server, according to Kromtech security researchers, who were the first to locate the breach. Shockingly, one of the security researchers stated the critical information was stored on a “misconfigured Amazon S3 bucket that was not password protected.”
The Creditseva breach is a perfect case for data encryption to be implemented across all systems that store Personally Identifiable Information (PII) - whether it is held within the organisation or in a cloud provider. If the data is encrypted, it is unusable should an attacker breach the system. The only way the information can be exploited is if the hacker has access to the encryption keys, which are securely held by the data controller from the organisation.
The Creditseva data breach comes a month after Jio’s colossal data breach which hit an estimated one million people and is considered to be one of the largest data breaches in India’s history. Besides potential fines the companies may face from regulators, data breaches have been shown to have a negative affect on share prices, with a recent Comparitech study citing that three years on, breached companies underperform the market by 42%.
It’s imperative that organisations secure PII as failure to do so not only puts customer information in danger but it will place the company in the firing line with regulators. In Europe in particular, the impending General Data Protection Regulation (GDPR) allows for no grey area as the organisation is held responsible for the data and failure to properly secure the data will result in severe fines.
For organisations looking for a robust and secure solution that will run seamlessly with your third-party SaaS or cloud provider, then the eperi Cloud Data Protection (CDP) Gateway is the complete package. Benefits of the eperi Gateway include open Source software which eliminates the possibility of backdoors, full control over the encryption key management as well as keeping the data secure when performing necessary data searches.
With cyber attacks occurring on a global scale, organisations around the world should be implementing encryption as a security measure to keep data secure, even in the event that the company is breached.