The Target: NorthOne Bank, a financial technology company based in the United States.
The Take: Exposure of over 1 million financial records of Personally Identifiable Information including: names, email addresses, physical addresses, phone numbers, amounts paid, due date, and some tax information.
The Vector: A misconfigured database was left open and unsecured with no password, meaning anyone with an internet connection could have viewed and downloaded the PDF documents.
This shows how important authentication controls are and that they be purposefully and smartly deployed with security in mind. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches to protect a firm’s data.