Exploit: Unsecured Database
Nohow International: Staffing Firm
Risk to Small Business: 1.411 = Extreme
In a devastating blunder, unsecured Microsoft Azure Blob exposed deeply sensitive documents of more than 12,000 construction workers. The treasure trove contained 12,464 images, PDF documents, and email messages presumably sent by the exposed workers to Nohow International in the course of gaining and changing employment with the staffing firm.
Individual Risk: 1.221 = Severe
Employee data impacted in this breach includes scans of passports, national IDs, birth certificates, and tax returns. This data also contained MSG files of email messages sent by construction workers to Nohow’s email address used specifically for receiving documents. The email messages include the workers’ personal and payment information, such as taxpayer reference and national insurance numbers, as well as banking details. This extremely sensitive information can be used to facilitate spear phishing attacks and identity theft.
Customers Impacted: 12,000
How it Could Affect Your Customers’ Business: Failure to secure an average database is a ding to a company’s reputation for trustworthiness, but failing to secure a database full of extremely sensitive information like this could be devastating.
Source:
https://www.constructionnews.co.uk/contractors/amey/amey-hit-by-cyber-attack-05-01-2021