Dow Jones is the latest company to expose customer records on a cloud server
Dow Jones & Co. has followed in the footsteps of Verizon Communications Inc. by leaving private customer records exposed to the public on a cloud server.
Similar to Verizon, the 2.2 million records were found publicly available on an unsecured Amazon Web Services S3 bucket and were also discovered by Chris Guard of the security firm UpGuard Inc.
“The exposed data includes the names, addresses, account information, email addresses, and last four digits of credit card numbers of millions of subscribers to Dow Jones publications like The Wall Street Journal and Barron’s,” Guard wrote in a blog post. “Also exposed in the cloud leak were the details of 1.6 million entries in a suite of databases known as Dow Jones Risk and Compliance, a set of subscription-only corporate intelligence programs used largely by financial institutions for compliance with anti-money laundering regulations.”
Dow Jones also admitted that the data being publicly available was due to a massive security mess, saying the exposure was “due to an internal error, not a hack or attack.” The company also claimed that there was no proof that anyone with malicious intent had accessed the data.
“The massive breach of personal data of millions of Dow Jones customers is yet another perfect example of the importance of securing cloud environments,” Sanjay Beri, chief executive officer of security company Netskope Inc., told SiliconANGLE. “That doesn’t simply mean ‘educate your employees’ — that’s important, but human error is always going to play an outsized role in data breaches. It’s bound to happen, and someone who ‘just forgot’ or ‘thought it had already been done’ simply didn’t set security measures up properly.”
Beri added that “it’s important to rely on automated policies as a check to humans when securing cloud environments — areas like access control and anomaly detection can significantly reduce the risk of leaks like this from happening.”
With two instances of what is meant to be private data being found on publicly accessible cloud servers in two weeks, the only question now is which company will complete the bungled-cloud-security hat trick before the end of the month.
Photo: johngonefishing/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU