Do you remember where you were between June 1 and June 12, 2017?
Your home address, birth date, phone number and political leanings were all up for grabs this past June. Nearly 200 million US voter records were there for the taking for anyone with a network connection, thanks to a media analytics firm who failed to keep your data secure.
Deep Root Analytics is responsible for the largest known exposure of voter information in history. For a few warm, summer days in June, Deep Root left the personal data of almost 200,000,000 registered voters unsecured on a publicly accessible server. That means nearly half of the US population had their personal info in the public domain.
It took eleven days, and someone from outside the organization, to notice something was wrong. A cyber-risk analyst at UpGuard discovered the exposed data when he was able to access the information without a password.
“Anyone with an internet connection could have accessed the voter data,” UpGuard revealed.
One of the most important points of this unfortunate story is that this was not even a hack. This was not an attack from the outside in. Nor was anyone knocking on the door of Deep Root Analytics’ servers. It was not a hack, but a leak.
Deep Root Analytics did not bother to protect their clients’ sensitive data, putting the safety of millions on the line, and compromising their own corporate reputation.
Although no one hijacked the data, it raises the question, is that even the point?
Simply put, securing your network and its contents is an insurance policy. The price of proper protection is invaluable, especially when the cost of a damaged reputation could cost you your company.
Deep Root didn’t have a breach plan. In fact, they didn’t even have a security plan!
When you don’t take the proper steps to secure sensitive data, you become your own worst enemy. While, thankfully, the data was not accessed or abused, Deep Root nonetheless cost millions of Americans their confidence in services they trust to keep their information safe.
Meanwhile, Deep Root is mired in a class action lawsuit, and is the target of much public anger – and rightly so.
The takeaway: Great security is great insurance, and great insurance is just common sense.
SUNBURST/Solorigate Situation Briefing
BlueCat leaders discuss how the malware attack via SolarWind’s Orion platform exploited DNS and how BlueCat Edge could have helped to detect it.
January 21, 2021: Learn more about how the SUNBURST/Solorigate malware exploited DNS to execute its attack.
Customer situation brief on SUNBURST/Solorigate
Learn more about the attack via the SolarWinds Orion platform and how BlueCat products use DNS to help protect customers against compromises like it.
On the road to platform hardening, consider a STIG
Security Technical Implementation Guides standardize security configuration on networks, servers, and devices. BlueCat uses them and you can, too.