.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Know Your Breach: Marriage Tax Refund
Dec 18, 2020 2:21:35 PM
The target: Marriage Tax Refund, a UK-based tax relief organization.
The take: 100,000 records of personally identifiable information including: full name, gender, home address, partner name and address, and refund amounts.
The attack vector: The firm had misconfigured its WordPress based Client Management Service, exposing a directory list containing PDF documents to the public. There was no password protection or credential management in place, meaning anyone with an internet connection could have viewed and downloaded the contents of the database.
Compromised management software of client data poses a high risk for a firm. Robust credential control around software which manages personally identifiable information is critical to maintaining a firm’s security and that of their clients. This breach highlights the importance of the management of client systems which contain client data, and how this information is accessed and secured, giving a critical reminder of how closely it needs to be managed.
