Exploit: Unsecured Database
K7 Maths: Education Services Provider
Risk to Small Business: 2.077 = Severe
The Australian Computer Emergency Response Team (AusCERT) determined that the Department of Education, Skills, and Employment (DoE) was not to blame in a breach incident after researchers downloaded the personal details of more than one million students, teachers, and staff from a Dark Web site. Instead, the breach was traced to education services provider K7 Maths and an unsecured Elasticsearch cluster, likely as part of a March 2020 incident. The leaked data contained details such as first names, emails, password strings, and K7Maths site settings.
Individual Risk: 2.837 = Moderate
The leaked information could be used to launch spear phishing attacks and credential stuffing attempts. Users of the system should use caution in handling suspicious messages.
Customers Impacted: 1,000,000
How it Could Affect Your Customers’ Business: Failing to keep information secure as a service provider could mean that your business loses contracts and opportunities. It can also damage your business’s reputation as a reliable partner because it creates an impression of carelessness.