shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: Portpass

      Oct 15, 2021 9:23:12 AM

      The target: Portpass, a private proof-of-vaccination mobile application.

      The take: Exposure of potentially 650,000 records of personally identifiable information including: email addresses, names, blood types, phone numbers, birthdays, and driver's licences

      The attack vector: Portpass stored user profiles on their website, accessible to the public, which exposed the above information to anyone visiting the site. This data not encrypted and was stored as plain text.

      Use of industry standard authentication protocols is an integral part of maintaining a rigorous cybersecurity posture, and it is critical to employ robust practices of credential management, user authentication and validation, around all points of access, especially public facing ones, in a firm’s IT network. This breach also highlights the important of encryption as a method to improve the security of stored data, which can still protect the exposed information.

      Read more...

      Topics:Know Your Breach

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

      Subscribe to Cyber Updates