Thursday, November 8, 2018

Another incident to remind us that our vendors' and contractors' security practices are part of our own security: one of American Express (India)'s subcontractors failed to encrypt 700,000 customer records, exposing names, email addresses, phone numbers and card type.



The bulk of the data it housed, more than 2.3 million records, was encrypted, requiring an encryption key, but nearly 700,000 customer records were in plaintext, exposing names, email addresses, phone numbers and card types.
The database was not managed by AmEx itself but by one of its subcontractors, who was responsible for SEO or lead generation.

Sensitive information is left publicly available in a data repository due to poor developer practices.

https://www.scmagazine.com/home/security-news/leaky-mongodb-server-exposes-personal-info-on-700k-amex-india-customers/
