Exploit: Accidental data sharing
MASC: Agriculture products and services provider
Risk to Small Business: 2.847 = Moderate
An employee accidentally attached a document containing the names and contact information for more than 130 clients. The incident is an embarrassing oversight, requiring MASC to notify its clients of the self-inflicted data breach. In response to the breach, MASC acknowledged that it’s implementing new policies and procedures to guard against a similar data breach in the future. However, there is no guarantee that these steps will assuage clients, who could shy away from partnering with organizations without data security processes in place from day one.
Individual Risk: 2.922 = Moderate
The breach exposed organizational contact information, which could include certain employees’ personal data. This information can be used to craft convincing phishing scams, and employees should carefully evaluate the authenticity of incoming communications.
Customers Impacted: 134
How it Could Affect Your Customers’ Business: As we’ve reported on our blog, accidental and malicious insider threats pose a meaningful data privacy risk to every organization. While many organizations are rightly focused on external cyber threats, it’s important to account for a 360-degree approach to cybersecurity that includes effective policies and procedures to prevent insider threats from compromising company data.