Do you remember where you were between June 1 and June 12, 2017?
Your home address, birth date, phone number and political leanings were all up for grabs this past June. Nearly 200 million US voter records were there for the taking for anyone with a network connection, thanks to a media analytics firm who failed to keep your data secure.
Deep Root Analytics is responsible for the largest known exposure of voter information in history. For a few warm, summer days in June, Deep Root left the personal data of almost 200,000,000 registered voters unsecured on a publicly accessible server. That means nearly half of the US population had their personal info in the public domain.
It took eleven days, and someone from outside the organization, to notice something was wrong. A cyber-risk analyst at UpGuard discovered the exposed data when he was able to access the information without a password.
“Anyone with an internet connection could have accessed the voter data,” UpGuard revealed.
One of the most important points of this unfortunate story is that this was not even a hack. This was not an attack from the outside in. Nor was anyone knocking on the door of Deep Root Analytics’ servers. It was not a hack, but a leak.
Deep Root Analytics did not bother to protect their clients’ sensitive data, putting the safety of millions on the line, and compromising their own corporate reputation.
Although no one hijacked the data, it raises the question, is that even the point?
Simply put, securing your network and its contents is an insurance policy. The price of proper protection is invaluable, especially when the cost of a damaged reputation could cost you your company.
Deep Root didn’t have a breach plan. In fact, they didn’t even have a security plan!
When you don’t take the proper steps to secure sensitive data, you become your own worst enemy. While, thankfully, the data was not accessed or abused, Deep Root nonetheless cost millions of Americans their confidence in services they trust to keep their information safe.
Meanwhile, Deep Root is mired in a class action lawsuit, and is the target of much public anger – and rightly so.
The takeaway: Great security is great insurance, and great insurance is just common sense.
Critical conversations on critical infrastructure
Find out how your peers are managing their networks through profound change. Watch this series of live interactive discussions with IT pros & join the debate in Slack.
To better see the threats on your network, try DNS
DNS is a vector used in most cyber attacks. When it comes to DNS, BlueCat can enhance visibility, detection, and containment of threats to your network.
Webinar: Threat Protection
BlueCat Solution Architect Steffen Probst discusses how intelligent security from BlueCat uses DNS to protect internal and external traffic against threats.
WFH, DOH & DNS: Keeping networks secure during unprecedented change
As we work from home, DOH (DNS over HTTPS) use is up by 1,500%. Learn what DNS tells us about network security and how BlueCat and Cisco Umbrella can help.
Domain Generation Algorithms 101
Dissecting the malware technique that keeps threat hunters guessing. For cybersecurity professionals and threat hunters, it can feel like advanced…