728 x 90

Fortune 500 company Tech Data leaked 264GB of private data

Fortune 500 company Tech Data leaked 264GB of private data

That’s the only bit of the URL you’re getting GETTING AN EMAIL from security researchers must induce panic attacks in digital heads around the country. The latest to get the dreaded email is Fortune 500 technology giant Tech Data, which was informed by security researchers Noam Rotem and Ran Locar that the company’s log management

Fortune 500 company Tech Data leaked 264GB of private data

That’s the only bit of the URL you’re getting

GETTING AN EMAIL from security researchers must induce panic attacks in digital heads around the country. The latest to get the dreaded email is Fortune 500 technology giant Tech Data, which was informed by security researchers Noam Rotem and Ran Locar that the company’s log management server was leaking personal data. Not a little data either: 264GB worth.

This data wasn’t inconsequential: a sample seen by TechCrunch contained names, postal addresses, email addresses, job titles, invoicing data and receipts, as well as partial payment information like card type, cardholder names and expiry dates.

While the card numbers were obfuscated, the data wasn’t encrypted, and it’s possible there’s more than this: going through an entire 264GB file is somewhat time-consuming, after all. The site did say the sample its reporters saw contained “tens of thousands of customers,” and it was a fraction of the larger database.

This data was kept on a server for support agents to look at for troubleshooting purposes, but the company had neglected to put a password on it – meaning anybody with access to a web browser could look at the logs at will.  

The leak was disclosed to Tech Data on 2 June,§ with the company responding with a fix two days later, which isn’t too bad a turnaround time, even if the error itself is still hard to forgive.

“Within hours of learning of this, the security vulnerability was corrected, and the server was disabled,” a Tech Data spokesperson told ZDNet.

“Based on what we know at this time, there is no evidence that the data stored on the affected server was misused for any unauthorised transactions or other fraud. We are continuing to investigate this incident and will satisfy all data reporting requirements, as needed.”

The spokesperson added that no login information for accounts was stored on the server. That’s the closest you’re getting to good news in this story, so enjoy. µ

Further reading

[ad_2]

Source link

Susan E. Lopez
ADMINISTRATOR
PROFILE

Posts Carousel

Leave a Comment

Your email address will not be published. Required fields are marked with *

Latest Posts

Top Authors

Most Commented

Featured Videos