The Target: Cornerstone Payment Systems
The Take: Exposure of 9 million transaction records which exposed Personally Identifiable Information including: email addresses, names, physical addresses, phone numbers, types of credit cards and donation details including destination and dollar amount.
The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.
This breach is critical reminder that authentication controls are an important piece in an overall robust cybersecurity posture. This data is perfect for constructing highly effecting spear-phishing campaigns. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches to protect a firm’s data.