shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: CVS

      Jun 18, 2021 10:47:35 AM

      The target: CVS, a U.S-based retailer and pharmacy company.

      The take: Exposure of an estimated one billion records of information including: event and configuration data, visitor IDs, session IDs, device access information, a schematic of the logging system used by the website, and queries for medications including COVID-19 vaccines.

      The attack vector: Misconfigured cloud service database, controlled by a third-party vendor, with no password protection or credential management, letting anyone with an internet connection download and access the data.

      This breach highlights the risk of working with third-party vendors and the importance of regular auditing to ensure they are following best practice when handling data. The storage of sensitive information should follow industry standard practices be managed with proper credential deployment and security, no matter if a firm’s data is on their own servers or in the hands of another party.

      Read more...

      Topics:Know Your Breach

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

      Subscribe to Cyber Updates