Exploit: Insider Incident (Accidental)
NOW:Pensions : Workplace Pension Services
Risk to Small Business: 1.667 = Severe
NOW: Pensions recently informed clients of a contractor error that led to information exposure. The company explained that user data was “unintentionally” posted on an unnamed public forum, with data exposed between 12/11/20 and 12/14/20, and reportedly accessed by “a small number of third parties. Appropriate authorities have been informed and the incident is under investigation.
Individual Risk: 1.701 = Severe
The exposed records include biographical data for pensioners (names, email addresses, and dates of birth) as well as National Insurance numbers. The company is offering impacted clients credit and identity theft monitoring. Clients should be aware of phishing and fraud attempts mounted using this data.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This complex incident will be a nightmare to unravel, even if it was actually an accident. By allowing the wrong person access to client data, that data was compromised and this company faces big bills ahead.
Source:
https://www.theregister.com/2020/12/22/data_breach_now_pensions