Another day, another giant data breach
Last week, KrebsOnSecurity verified that First American Financial Corp. leaked hundreds of millions of documents related to mortgage deals dating as far back as 2003. The documents discovered in the leak contained PII or personally identifiable Information. PII data consists of names, social security numbers, financial accounts, wire transaction umbers, mortgage and tax records, and driver’s license information. First American Financial Corp. exposed all of this data on their public facing website. A visitor to the website could alter the URL to a valid URL of a document and view the PII data, making it a very easy attack type to gather all of the data.
This data leak could potentially affect tens of millions to hundreds of millions of people within the United States. As a small business, it may be a helpless feeling when the large corporations fall victim. In this particular case, this was human error. Human error is something any business, especially small business, can focus on improving. Having proper employee training and awareness programs play a crucial role in data protection. When a business enables web access, verify all appropriate security measures are in place and test those measures. Many leakage issues can be by verifying the configuration of any tool, prior to deploying the tool in full.