Background
Paige “Erratic” Thompson – a former Amazon Web Services employee – hacked an AWS sever storing an insurance company’s customer information. Once Erratic gained access to the server, she was able to obtain information on more than 100 million customers.
Most of the data she was able to collect was non-critical, such as names, email and physical addresses. That said, we shouldn’t minimize the severity of the breach. Thompson was able to get her hands on 1 million Canadian Social Insurance numbers, 140,000 Social Security numbers and 80,000 bank account numbers. Keep in mind, having someone’s name, address and Social Security number is all you need to steal their identity and establish loans in their name.
What’s The Lesson for ANY Business
Irrespective of the size of your business, there’s a lesson to be learned… this breach is just one of many that could have been easily avoided.
The AWS server was simply misconfigured, which allowed the hacker to access sensitive customer data. All they needed to do was apply a security patch that had been released three months before they were attacked!
Sadly, for everyone today, the other lesson to be learned from the ever increasing number of breaches: If you share your personal information online, you should expect that one day it will end up in a data breach.