Nope, we aren’t talking about the Equifax hack.
UpGuard has revealed that records for 123 million Americans was left exposed in the cloud and it contained data from Alteryx, an Experian partner. This data file contains highly detailed personal, financial, and other details of private lives. Once again information collected for and used by third-parties is left exposed.
Finally, this incident reveals just how thoroughly third-party vendor risk is corroding the integrity of any public and private functions relying upon information technology. The exposure of massive amounts of data about many millions of American households gathered by a credit reporting agency reveals how the consequences of cyber insecurity can, in an increasingly interdependent technological environment, quickly afflict partners and expose their data as well.
“This is an enormous problem facing the IT landscape today,” UpGuard Director of Cyber Risk Research Chris Vickery wrote. “As have been seen in many previous data exposures, most enterprises lack the ability to even assess the security postures of external vendors.”
Even if the primary enterprise maintains high standards of change validation and management, they are inviting risk if they cannot be sure of similarly stringent maintenance within the operations of partners handling their data…”
The 36 GB data file titled “ConsumerView_10_2013” contained over 123 million rows, each one signifying a different American household. A similar file was seen by UpGuard when the personal details of 198 million American voters, compiled in a dataset by a data firm used by the Republican National Committee, were exposed.
The good news, such as there is any in cases like this, is that no names were exposed in the hack the data set included 248 different data fields covering a wide variety of specific personal information including address, age, gender, education, occupation and marital status. Other fields included mortgage and financial information, phone numbers and the number of children in the household.