Exploit: Unsecured Database
Virtual Mail Room: Communications Firm
Risk to Small Business: 1.661 = Severe
More than 50,000 letters and financial statements sent by Councils and banks to people in the UK, US, EU, and Canada were left exposed in an unsecured database in a blunder by London-based Virtual Mail Room. A database of letters sent by local authorities reveals the names and addresses of 2,300 people living in Croydon. Councils in Eastbourne, Reigate, North Tyneside, Ashford, North East Derbyshire and West Lindsey. Also exposed were letters to 6,500 customers of Aldermore Bank, 250 Metro Bank customers, and royalty statements for the publishing firm Pearson. The names, email addresses, and telephone numbers of staff with access to Virtual Mail Room’s systems were also visible.
Individual Risk: 1.721 = Severe
The data exposed included personal financial information and sensitive data. This kind of information can be used for cybercrime including impersonation scams, identity theft, and spear phishing.
Customers Impacted: 20,000+
How it Could Affect Your Customers’ Business: This egregious mistake highlights the risk of third-party exposure that many businesses face from service providers or work that’s farmed out. Not only can your data be stolen through carelessness with cybersecurity practices, but your customers’ can also be stolen too, reflecting poorly on you.