CenturyLink has reported that a customer information database of 2.8 million records was found exposed. The database was affiliated with a third-party notification platform and has been exposed for 10 months.
CenturyLink said in a statement sent to Comparitech that “The data involved appears to be primarily contact information and we do not have reason to believe that any financial or other sensitive information was compromised. CenturyLink is in the process of communicating with the affected customers.” Nevertheless, the data breach raises some concerns and it is a further example of highly sensitive consumer data left exposed because of a simple security mistake.
To understand the significance of the data breach, Digital Journal spoke with DivvyCloud Co-Founder and CTO Chris DeRamus. DeRamus looks at the increasing number of data breaches caused by misconfigurations and the proper security strategies and steps that need to be enforced by companies to mitigate this risk.
DeRamus begins by placing the data breach in context with other data-issues that are affecting the business community, largely through poor design: “The recent CenturyLink MongoDB database leak is just one of a long list of serious data breaches caused by misconfigurations.”
In terms of parallel cases, DeRamus notes: “It was just earlier this year when security researchers discovered Verifications.io’s unprotected, publicly accessible MongoDB database, exposing nearly 809 million records containing employee and business data.”
Such weaknesses mean that enterprises need to safeguard data more securely. DeRamus notes: “Within every company, data is king and collecting, storing and leveraging data is essential to running a business effectively. Companies need to ensure proper security in their own IT environments, but also ensure that their partners, vendors and other connected parties are leveraging best practices and advanced tools to keep data safe.”
continue reading at digitaljournal