Exploit: Exposed database
Proton Technologies AG: GDPR compliance advice website
Risk to Small Business: 1.672 = Severe
An exposed database compromised users’ login credentials on GDPR.EU, an advice site for organizations striving to improve data privacy compliance. The site is partially sponsored by the Horizon 2020 Framework Programme, an EU research program. The ironic cybersecurity incident was easily identifiable by cybersecurity researchers, who reported the vulnerability to developers. For a company that relies on institutional funding to power its platform, this incident is an embarrassing failure that could impact its long-term viability as a government partner.
Individual Risk: 2.509 = Moderate
The breach compromised usernames and passwords, and victims should immediately reset their account credentials. In addition, any other accounts that use the same username and password combination could also be compromised, and users should immediately update the credentials on those accounts as well.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: While we rightly give a lot of attention to the financial cost of a data breach, many organizations fail to appraise the reputational damage that accompanies a cybersecurity incident. Especially for organizations predicated on their data privacy expertise, even a relatively small oversight can have significant consequences.