A British travel company fell victim to a data breach exposing records for over a half-million customers:
UK-based travel company Teletext Holidays left a trove of its customer data unsecured, exposing 530,000 files including some to 200,000 audio files of calls made by customers.
The Amazon Web Services (AWS) server, left unsecured for three years, showed the names of the users, their email and home addresses, telephone numbers and dates of birth, reported Verdict.
The calls, which range from a few minutes to up to an hour, discuss personal holiday details including location, flight time and cost. The files have since been removed, said the report…
…“There’s a new incident reported every few weeks that stresses the need to extend basic security controls to cloud environments. Organisations need to ensure they’re implementing critical security controls regardless of where the systems reside,” Erlin added.
And unsecured cloud servers that hold detailed customer information, such as the one at Teletext, are the lowest-hanging fruits for data-sellers.
Left “unsecured” for three years? If they let this server languish for three years, what else in the enterprise is unknowingly up for grabs?
Never lose track of your environment – track and audit everything on a consistent schedule.