Tech Data, a Fortune 500 company and one of the biggest supplies of IT solutions, recently came under fire after receiving an email from two cybersecurity experts. According to the inflammatory email, the company leaked at least 260GB of sensitive data.
Inside sources reveal that that data was stored on one of the company’s in-house servers, which was not password-protected. Two days after receiving the notification, Tech Data took down the server and launched a full investigation to ascertain the damages.
How could a Fortune 500 IT Company Store Data on an Unsecured Server?
Earlier this week, Ran Local and Noam Rotem, two cybersecurity researchers from vpnMentor, sent an email to Tech Data Corporation after discovering a major data breach. The document reveals that at least 260 GB of data leaked from an undisclosed company server.
A vpnMentor analysis shows that the exposed data contained sensitive information such as names, physical addresses, payroll details, card type, and expiry dates.
The company issued a statement two days after receiving the email. It would appear that the problem has been resolved. As for the leaked info, no incidents have been recorded so far. That’s good news.
The bad news is that hundreds of Tech Data employees have to change their passwords, request news PINs for their debit and credit cards; not to mention the fact that the person or persons who accessed the unsecured server knows where all the employees leave.
According to vpnMentor, this isn’t the first time when a Fortune 500 company got hacked. In fact, over the past decade, one in four companies experienced cybersecurity breach. A vpnMentor report from 2018 suggests that have 40 hacks, nearly double compared to 2017.
Called the Hackers’ Eldorado, these companies lost billions of dollars due to cybercrime. The same report reveals that the most valuable targets for hackers appeared to be the gas extraction, oil, quarrying, and mining sectors.
As for the recent incident involving a Fortune 500 company, according to the incident report, the leaked data log was part of a larger database, one that contained sensitive customer information.
In response to the email, a company spokesperson declared that the incident was isolated and must have occurred after the database was moved to a server for telemetry extraction. The worst part is that the server was left unattended and wasn’t even protected by a master password.
Will the company face legal action in the wake of vpnMentor’s report? It’s highly unlikely, but that doesn’t excuse the fact that sensitive info has been stored on an unsecured server. 260 GB may not seem like much, considering that nowadays triple-A PC games take up at least 100 GB of storage.
However, we should take into account the fact that this smaller database portion contains info you wouldn’t want to fall into the wrong hands: address, name, debit card details. The company said that the problem was addressed and will pursue all avenues of investigation in order to discover the perpetrator.
So, what do you think about Tech Data’s cybersecurity breach? Head to the comments section and let us know.