CISO Case Files: Gold Dust Servers

There’s gold in them servers: 

Moving is incredibly stressful. Itemizing every little thing, packing them so they don’t get broken, cleaning up all the stuff left behind. But stuff always gets lost or left behind during a move, sometimes incredibly valuable things.  During the California Gold Rush, savvy investors would purchase shacks from gold miners that had struck it rich and decided to upgrade their living situation.  After the purchase was complete, the new owner would tear up the floors revealing piles of gold dust that accumulated from years of miners bringing home their precious findings.  It was common for the new owners to recoup all their expenses and gain enough to purchase another shack.    Hackers have adopted a similar strategy, hunting for old unprotected servers left behind after migrations.  Just like the savvy investors of old hackers will tear up old servers searching for valuable data left behind by previous owners. 

Details from the Crime Scene: 

Our client had enjoyed a streak of growth and sought to improve by implementing a new rewards program. An outside agency was selected to handle migrating customer data from the old platform to the new digital rewards program.  Two months into the project, the marketing agency’s IT department carried out a migration of its services to new hardware. The rewards program went well — it increased customers’ satisfaction and loyalty scores; however, there were unintended consequences. Unfortunately, some data was left on the old server, including our client’s database extract of buyer’s behavior.  Our client’s customer data was now unprotected and publicly exposed. 

CybelAngel Investigates: 

CybelAngel protects our customers by continuously scanning billions of IP addresses across the internet for digital threats and leaked documents. CybelAngel detected the open server and the database extract soon after the agency’s migration began. Contained on an unprotected server were over one million customer records with data including email, passwords, DOB, and more.  Once our platform found the leaking data it was processed through our Machine Learning algorithms applying a first sensitivity screening and predicting a critical incident.  Learn how machine learning helps detect data leaks here This prediction triggered an alert and our Analyst Team began their investigation.

Arresting the Leaks: 

The key context obtained from our analysts’ investigation provided actionable information for our clients. With the detailed incident report in hand, our clients could contact the marketing agency to order an immediate increase in security for the legacy server. Fortunately, an audit of the marketing agency’s network revealed that no other IP had connected to the unprotected server, except the CybelAngel tools. Should this data leak have turned into a major breach, our client faced potential CCPA (California Consumer Privacy Act) punitive actions, lawsuits, as well as a loss of its customers’ trust. With a little more than one million customer profiles being leaked it would have cost our client hundreds of dollars per record to remediate if they were breached. Compared to mega-breaches of the past, see Marriott and British Airways, remediating this leak before it became a breach prevented fines that could have totaled over a hundred million dollars.  You can read more about protecting your bottom line from data breaches here. 

Detectives Notes: 

The digital revolution has brought incredible growth in profits and risk. Data-driven reward programs help retailers strike their claim, sifting and panning for customer gold via greater satisfaction and success. But once your stake your claim and riches are found, others will push around the margins seeking a way in.  CybelAngel’s free Data Exposure Dashboard will find the leaks hackers use to steal your customers’ data before it happens. If you’re looking to buy another company’s gold mine of customer data our Mergers and Acquisitions Due Diligence can make your assets haven’t already been strip-mined by leaks and hackers.  Remember leaks are inevitable, Damage is optional.