What is a Data Leak and How to Prevent Accidental Data Leakage
- By David Lukic
- Aug 11, 2020
Data breaches take many forms, including data leaks and accidental web exposure. Millions of people are affected by data breaches each year, and privacy and security are becoming a mainstream concern as a result of rampant exposure.
What is Data Leakage
A data breach is when information is accessed or stolen without the owner’s permission or knowledge. Data breaches can be digital in nature, such as when a hacker installs malware and steals information, like the Home Depot and Target data breaches. It may be physical in nature, like the Heartland Payment Systems data breach, where computers with personal and sensitive information on them were stolen but not appropriately secured. Some data breaches occur because of an insider: an employee, ex-employee, vendor, or other third party accesses or steals information, which results in data leakage from a company.
A lot of the data stolen in data breaches ends up on the dark web for sale to criminals. The dark web consists of a lot of nefarious things, including data breach lists for sale and phishing kits to help budding young fraudsters wage theft campaigns against millions of unsuspecting Americans. Data breaches are a heavy concern for national security, businesses, and individuals in the U.S.
What is Accidental Web Exposure?
Accidental web exposure is a category of data breach in which a server or computer that contains personal information is connected to the internet so that staff, management, and even customers can access information remotely, but the system is not secured properly. Instead of access being limited to authorized users, hackers can get their hands on the entire batch of records and then copy them and use them in identity theft or other heinous crimes.
An Example of Accidental Web Exposure
Earlier in 2019, around May, KrebsOnSecurity reported an enormous accidental web exposure when the title company First American Financial Corp. leaked hundreds of millions of users’ records through a vulnerability in their system. The records go back to 2003, and because they deal with mortgage and real estate data, they included bank account numbers, mortgage statements, social security numbers, tax records, wire transfers, receipts, driver’s license numbers, and more. The breach was devastating but preventable.
The server was unprotected by any type of login, authorization, or password protection. Anyone with a web browser, if they had the correct URL, could simply pull up a document. If the user changed one number in the URL, they could see another customer’s data, unrelated to the one they were supposed to be viewing. A real estate agent discovered the flaw by mistake. There is no way to know whether anyone accessed or stole the data since 2003, but that is how long the records have been exposed, so it is best to assume someone did. It is estimated that 885 million records were affected. Some of them may have been yours.
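The flaw described above, next to a corrected lookup, as an added example that is not code from First American or from the original article. The record layout, user names, and function names are assumptions made for illustration.

```python
import secrets
from typing import Optional


class AccessDenied(Exception):
    """Raised when the caller may not read the requested document."""


# Constructed sample records; owners and contents are made up.
DOCUMENTS = {
    1001: {"owner": "alice", "body": "closing statement for alice"},
    1002: {"owner": "bob", "body": "wire instructions for bob"},
}


def fetch_unprotected(doc_id: int) -> str:
    """The exposed pattern: the number in the URL is the only 'credential'."""
    return DOCUMENTS[doc_id]["body"]


def fetch_protected(user: Optional[str], doc_id: int) -> str:
    """Require a logged-in user and check ownership on every request."""
    if user is None:
        raise AccessDenied("login required")
    doc = DOCUMENTS.get(doc_id)
    # Same error for 'missing' and 'not yours', so responses do not
    # reveal which document numbers exist.
    if doc is None or doc["owner"] != user:
        raise AccessDenied("not found")
    return doc["body"]


def new_share_token() -> str:
    """Random link identifier (16 random bytes) to use instead of
    sequential numbers when a document link must be shared."""
    return secrets.token_urlsafe(16)
```

A random token only makes links hard to guess; the ownership check in `fetch_protected` is what actually stops one customer from reading another's file.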
How to Protect Yourself from an Accidental Data Leak
When you hand over documents to a trusted title company to close the deal on your house, you expect your information to be kept private, but that is not always the case.
Anyone who has information on a server, computer, or mobile device that is connected to the internet is at risk. To secure those files:
- Use strong passwords on all your web accounts and devices.
- Set up two-factor authentication when it is available.
- Go through all the privacy and security settings and tighten up the device’s and software’s protection.
- Install and run antivirus/anti-malware software and run deep scans often.
- Install network monitoring software or set it through your firewall to watch for breaches and block unauthorized access.
- Get a copy of your credit report at least once a year to check for fraud.
- Sign up for credit monitoring with a reputable company like IDStrong.com.
- Carefully monitor all credit cards and bank statements especially if you were a victim of a recent data breach or identity theft.
- Consider a fraud alert if you were a victim of identity theft.
How to Protect Your Company from a Data Leak
It is impossible to be completely protected against accidental web exposure or any data leakage, but there are things you can do to be more secure.
- Identify your most sensitive data and secure it.
- Have a strict policy about access and logins. If anyone’s information is compromised, close the door and change the credentials immediately.
- Disallow any shared access or re-used accounts or passwords. Force password reset each month.
- Assign responsibility so that one employee oversees access to specific data. That way, you have accountability, and it is harder for someone to breach access and steal data without being caught.
- Have a zero-tolerance policy against suspicious activity, accidental web exposure or data leakage. Instruct all staff members on how it works and what the consequences will be.
- Install tracking software to monitor access to all sensitive data and protected areas of your network.
- Perform an IT audit every month to track access and accountability.
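One way access monitoring can catch the "change one number in the URL" pattern from the First American case, as an added example that is not from the original article. The log format, the `/documents/<number>` URL layout, and the threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample access log: client address, method, path, status.
SAMPLE_LOG = """\
203.0.113.7 GET /documents/5001 200
203.0.113.7 GET /documents/5002 200
203.0.113.7 GET /documents/5003 200
203.0.113.7 GET /documents/5004 200
198.51.100.4 GET /documents/7310 200
198.51.100.4 GET /documents/7310 200
198.51.100.4 GET /about 200
""".splitlines()

LINE_RE = re.compile(r"^(\S+) GET /documents/(\d+) (\d{3})$")


def longest_run(ids):
    """Length of the longest run of consecutive integers in ids."""
    best = run = 0
    prev = None
    for n in sorted(set(ids)):
        run = run + 1 if prev is not None and n == prev + 1 else 1
        best = max(best, run)
        prev = n
    return best


def flag_enumeration(lines, min_run=3):
    """Return {client: run_length} for clients that successfully fetched
    at least min_run consecutively numbered documents."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group(3) == "200":
            seen[m.group(1)].append(int(m.group(2)))
    runs = {client: longest_run(ids) for client, ids in seen.items()}
    return {client: n for client, n in runs.items() if n >= min_run}
```

On the sample log this flags only 203.0.113.7, which walked four consecutive document numbers; the client that reloaded a single document twice is not flagged.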