Jul 22, 2022 11:39:04 AM
Jul 22, 2022 11:39:04 AM
The Target: Morgan Hunt, a British recruitment agency.
The Take: Exposure of Personally Identifiable Information including: names, contact details, identity documents, proof address documents (bank or building statements, national insurance number, and date of birth.
The Vector: The attackers breached a third-party software developer of Morgan Hunts who were storing access credentials to their database with no authentication or access controls.
This breach is a stark reminder that authentication controls are a critical piece in an overall robust cybersecurity posture. Furthermore, all steps should be taken by a firm to ensure any third-party vendor who can access their data is employing the requisite methods. Enforcing multi-factor authentication, reasonably regular forced password resets, and password length and complexity rules are all effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Abu Dhabi
Floor No.15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy