Garmin-owned marine navigation company latest to expose customer data
Navionics srl a socio unico, a division of Garmin Ltd. that offers marine navigation services, is the latest to suffer from a data breach, exposing the records of more than 260,000 customers.
The data, discovered by security researcher Bob Diachenko, was left open to all and sundry on an unsecured MongoDB database and was indexed by the Shodan search engine on Sept. 10.
Some 19 gigabytes of data was exposed, consisting of 261,259 records that included information such as email addresses, customer names and, in some cases, purchased product IDs and user IDs. Navionics confirmed the breach, saying in a statement that it’s “grateful that Mr. Diachenko notified us of this misconfiguration using the responsible disclosure model.”
“Once notified, we immediately investigated and resolved the vulnerability,” the company noted. “Following our investigation, we confirmed that none of the records or data were otherwise accessed or exfiltrated and none of the data was lost. Even so, Navionics still notified affected customers via e-mail by October 8, 2018.”
Discussing the news, Ryan Wilk, vice president of customer success for NuData Security Inc., told SiliconANGLE that it’s yet another example of how difficult monitoring and securing data is, as well as a reminder that patching vulnerabilities and reviewing security architecture and authentication is “not a checkbox, but an ongoing process.”
“Consumer data has been going through the meat grinder lately with the number of exposures, attacks and information that has been stolen by cybercriminals,” he said. “Once this information falls into the wrong hands it is used to make synthetic identities, and take over identities and accounts.”
As a result, he added, companies are implementing layered defenses, including passive biometrics and behavioral analytics to identify consumers by their behavior. “By doing so, inadvertent mistakes like a misconfigured database exposing personal information won’t put the victim’s identity at risk,” he said.