Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Database Security. Show all posts
Employee Data
Australia Australian Businesses Cybersecurity Researchers Data Breach Data Leak data security Database Leaked Database Security Employee Data

Sydney Tools Data Leak Exposes Millions of Customer and Employee Records

 

A major data leak from Sydney Tools, an Australian retailer specializing in power tools, hand tools, and industrial equipment, has potentially exposed the personal information of millions of customers and employees. The breach, discovered by cybersecurity researchers at Cybernews, involved an unprotected Clickhouse database that remained publicly accessible online, allowing unauthorized individuals to view sensitive data.  

According to the report, the database contained more than 5,000 records related to Sydney Tools employees, including both current and former staff. These records included full names, branch locations, salary details, and sales targets. Given that Sydney Tools reportedly employs around 1,000 people, a large portion of the exposed records likely belong to individuals who no longer work for the company. While no banking details were included in the leak, the exposure of employee information still poses a significant security risk. 

Cybercriminals could use these details to craft convincing phishing scams or for identity theft. Beyond employee data, the breach also exposed an even larger volume of customer information. The database reportedly contained over 34 million online purchase records, revealing customer names, email addresses, phone numbers, home addresses, and details of purchased items. The exposure of this information is particularly concerning, as it not only compromises privacy but also increases the risk of targeted scams. 

Customers who purchased expensive tools and equipment may be especially vulnerable to fraud or burglary attempts. Cybernews researchers have expressed serious concerns over the extent of the breach, highlighting that the database includes a mix of personally identifiable information (PII) and financial details. This kind of information is highly valuable to cybercriminals, who can exploit it for various fraudulent activities. The researchers attempted to notify Sydney Tools about the security lapse, urging them to secure the exposed database. 

However, as of their last update, the data reportedly remained accessible, raising further concerns about the company’s response to the issue. This incident underscores the ongoing risks posed by unprotected databases, which continue to be one of the leading causes of data breaches. Companies handling large volumes of customer and employee information must prioritize data security by implementing robust protection measures, such as encryption, multi-factor authentication, and regular security audits. Failing to do so not only puts individuals at risk but also exposes businesses to legal and reputational damage. 

With cybersecurity threats on the rise, organizations must remain vigilant in safeguarding sensitive information. Until Sydney Tools secures the database and provides assurances about how it will handle data protection in the future, customers and employees should remain cautious and monitor their accounts for any suspicious activity.
Read more »
Vulnerabilities and Exploits
Database Security On-Premises Databases Unpatched Flaws Vulnerabilities and Exploits

Nearly 50% of On-Premises Databases Have Unpatched Vulnerabilities

 

The five-year longitudinal research conducted by cybersecurity firm Imperva revealed that nearly half of on-premises databases globally contain at least one flaw that could expose them to cyber-attacks.

Researchers scanned roughly 27,000 databases, finding 46% contained vulnerabilities at an average of 26 vulnerabilities per database. Unfortunately, 56% of those vulnerabilities were ranked as ‘critical or high severity’, and some of them have gone unaddressed for three or more years. This suggests that many organizations are not prioritizing the security of their data and neglecting routine patching exercises.

“Too often, organizations overlook database security because they’re relying on native security offerings or outdated processes. Although we continue to see a major shift to cloud databases, the concerning reality is that most organizations rely on on-premises databases to store their most sensitive data,” said Elad Erez, Imperva's Chief Innovation Officer. 

A regional analysis of the data shows that France tops the list, with 84% of databases containing at least one flaw, at an average of 72 vulnerabilities per database. France is followed by Australia (65%, 20 vulnerabilities on average), Singapore (64%, 62 security flaws per database), UK (61%, 37 vulnerabilities on average), China (52%, 74 flaws per database), and Japan (50%). In the United States, 37% of databases have at least one vulnerability that could expose them to attacks, with an average of 25 issues per database. 

Given the number of security holes that exist in on-premises databases, it should come as no surprise that the number of data breach incidents has increased 15% over a 12-month average. An analysis of data breaches since 2017 shows that 74% of the data stolen in a breach is personal data, while login credentials (15%) and credit card details (10%) are also lucrative targets. 

“Organizations are making it too easy for the bad guys. Attackers now have access to a variety of tools that equip them with the ability to take over an entire database, or use a foothold into the database to move laterally throughout a network. The explosive growth in data breaches is evidence that organizations are not investing enough time or resources to truly secure their data. The answer is to build a security strategy that puts the protection of data at the center of everything,” Erez added.
Read more »
Subscribe to: Posts (Atom)