Dow Jones is the latest company to expose customer records on a cloud server
Dow Jones & Co. has followed in the footsteps of Verizon Communications Inc. by leaving private customer records exposed to the public on a cloud server.
As in the Verizon case, the 2.2 million records were found publicly available on an unsecured Amazon Web Services S3 bucket, and they too were discovered by Chris Guard of the security firm UpGuard Inc.
“The exposed data includes the names, addresses, account information, email addresses, and last four digits of credit card numbers of millions of subscribers to Dow Jones publications like The Wall Street Journal and Barron’s,” Guard wrote in a blog post. “Also exposed in the cloud leak were the details of 1.6 million entries in a suite of databases known as Dow Jones Risk and Compliance, a set of subscription-only corporate intelligence programs used largely by financial institutions for compliance with anti-money laundering regulations.”
Dow Jones admitted that the data was publicly available because of a massive security mess, saying the exposure was “due to an internal error, not a hack or attack.” The company also claimed that there was no proof that anyone with malicious intent had accessed the data.
“The massive breach of personal data of millions of Dow Jones customers is yet another perfect example of the importance of securing cloud environments,” Sanjay Beri, chief executive officer of security company Netskope Inc., told SiliconANGLE. “That doesn’t simply mean ‘educate your employees’ — that’s important, but human error is always going to play an outsized role in data breaches. It’s bound to happen, and someone who ‘just forgot’ or ‘thought it had already been done’ simply didn’t set security measures up properly.”
Beri added that “it’s important to rely on automated policies as a check to humans when securing cloud environments — areas like access control and anomaly detection can significantly reduce the risk of leaks like this from happening.”
With what is meant to be private data found on publicly accessible cloud servers twice in two weeks, the only question now is which company will complete the bungled-cloud-security hat trick before the end of the month.