It seems intuitively obvious that, without good security (encryption, access management, firewalls) private data is at risk. What is less obvious is that the reverse is also true; data leaks enable security breaches.
Storage giant Seagate suffered exposure of the withholding-tax records of some 12,000 employees following a phishing attack.
At the time Seagate noted that there was no evidence that the information had been misused, also known as the absence-of-evidence defense.
Fast-forward a year or so, and the evidence has appeared.
As is usual in these cases, we have a combination of failures, such as: Continue reading “Unrestricted email plus full PII access: recipe for trouble”