The Target: CorrectCare, a U.S based integreated health service for correctional facilities.
The Take: Exposure of Personally Identifiable Information of 600,000 inmates including: name, date of birth, social security number, and limited health information.
The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.
This breach is critical reminder that authentication controls are an important piece in an overall robust cybersecurity posture. Multi-factor authentication, reasonably regular forced password resets, and password length and complexity rules are all effective strategies to mitigate these kinds of breaches to protect a firm’s data.