Industry News: ESG5

      Know Your Breach: Avon

      Aug 7, 2020 12:09:57 PM

      The target: Avon, a London-based cosmetics firm

      The take: 19 million records of Personally Identifiable Information, including full names, phone numbers, dates of birth, email and home addresses. In addition, 40,000 security tokens, internal logs, account settings, and technical server information were also stolen.

      The attack vector: The information was accessed from a wide-open, misconfigured cloud server that had no password protection or encryption. The server, which was publicly accessible on the internet to anyone with its IP address, was up for 9 days before being taken down.

      Phishing attacks made possible through the personal information leaked here would be highly effective; however, what’s potentially more damaging is the exposure of the technical details. Possessing this information could lead to attacks establishing full control of Avon’s servers and more. Stored configurations that outline a firm’s technical operation are highly valuable, and their exposure can have severe consequences. When information at this level is compromised, threat actors could execute actions to take control of nearly every aspect of a company’s data and operations.
