"It is exceptionally frustrating to see events such as this in modern times where encryption of files is a trivial process yet has been ignored by an organization whose primary purpose is the collection of sensitive information," says Erich Kron, Security Awareness Advocate at KnowBe4. "In addition, allowing an unprotected folder to be available directly from the internet is a major lapse in security."
"The icing on the cake is the failure to take a report of this exposed data seriously when the researcher attempted to disclose it. The information found in these files can be especially useful to social engineers who want to create email, text or voice phishing campaigns."
"Incidents like these are the reason I strongly suggest requesting to have your personal information removed from as many data brokers as you possibly can. Data brokerage databases are a popular target among bad actors, simply because of all of the data available."
Collection
[
|
...
]