Exactis leak exposes database with 340 million records

TechTarget | June 29, 2018

Exactis leak exposes database with 340 million records
Experts said the Exactis leak needs to be treated as a learning moment for defining identity online after the marketing firm exposed data on 230 million adults and 110 million businesses. A marketing firm exposed records on most adults in the U.S., but experts weren't surprised at the number of people affected and said the lesson should be about the depth of data gathered. Marketing firm Exactis, a data company based in Palm Coast, Fla., exposed 340 million records -- 230 million for individuals and 110 million for business customers -- via a publicly accessible server, meaning anyone who knew where to look could have taken the data. Vinny Troia, security researcher and founder of NightLion Security, headquartered in St. Louis, Mo., discovered the potential Exactis leak and wrote on Twitter that he is working with the company to determine if anyone accessed the data. Exactis has since secured the server. The data potentially exposed in the Exactis leak added up to 2 terabytes of information, including phone numbers, home and email addresses, but Bruce Silcoff, CEO of Shyft Network International, a cybersecurity company based in Barbados, said the Exactis leak is noteworthy "not only for the number of customers impacted, but also for the depth of compromised data."

Spotlight

This document will discuss:
• The constraints of traditional disaster recovery methods
• The ways in which cloud-based disaster recovery solutions improve hot site recovery operations
• Characteristics of an intelligent cloud-based disaster recovery solution
• The features and benefits of IBM SmartCloud Virtualized Server Recovery (VSR)

Spotlight

This document will discuss:
• The constraints of traditional disaster recovery methods
• The ways in which cloud-based disaster recovery solutions improve hot site recovery operations
• Characteristics of an intelligent cloud-based disaster recovery solution
• The features and benefits of IBM SmartCloud Virtualized Server Recovery (VSR)

Related News
ENTERPRISE SECURITY

Coalfire announces HITRUST Accelerator with AWS Security Assurances Services (AWS SAS)

Coalfire, a leading cybersecurity firm, announced HITRUST Accelerator, a new program that allows customers to achieve HITRUST CSF Validation up to 50% faster when compared with conventional methods. This program combines deep technical knowledge of AWS Security Assurance Services, LLC (AWS SAS) with Coalfire, a HITRUST External Assessor Organization, to streamline the entirety of the HITRUST Validation lifecycle. Organizations who attempt to prepare for HITRUST certification internally without the help of an experienced external assessor may have timelines in excess of 2 years to achieve HITRUST Certification. The HITRUST Accelerator program uses a three-step process that provides end-to-end support of an organization's preparation, remediation, and HITRUST Validation. This integrated approach enables Coalfire and AWS SAS to quickly identify compliance gaps, assist with technical remediation, simplify document creation, and expedite the Validated Assessment. By accelerating HITRUST Validation, customers will be able to offer significant assurances over their security and privacy controls, which enables them to focus on innovation and driving adoption. Coalfire and AWS SAS share an obsession in creating innovative solutions that maximize customer success," "This passion and collaboration resulted in a program that helps our mutual customers prepare, remediate, and validate against the HITRUST CSF. By taking industry leaders in cloud security and HITRUST, we aim to revolutionize the way that organizations approach and maintain compliance. This has been a long time coming and we are absolutely thrilled to be launching this program with the AWS SAS team. Jeff Rector, Global Engagement at Coalfire The customer journey is accelerated via three tailored workstreams that are designed to: Prepare the customer for HITRUST Validation by thoroughly defining the technical systems and boundary, conducting a thorough gap assessment, and developing fully customized policies and procedures designed to be HITRUST compliant. Reduce remediation efforts and time to 12 WEEKS in most instances, using automated compliance-as-code packages, 30 days of expert AWS technical guidance and security engineering services, and hands-on AWS support configuring AWS services., and to fast-track the collection of evidence ahead of the Validated Assessment to minimize burden and audit fatigue on compliance teams. Validate the environment with confidence, including end-to-end support during HITRUST QA, Corrective Action Plan creation, and report finalization. About Coalfire Leading technology infrastructure providers, SaaS companies, and enterprises – including the top-five cloud service providers and eight of the top-10 SaaS organizations – rely on Coalfire to strengthen their security posture and secure their digital transformations. As one of the largest firms dedicated to cybersecurity, Coalfire delivers a comprehensive suite of advisory and managed services, spanning cyber strategy and risk, cloud security, threat and vulnerability management, application security, privacy, and compliance management. A proven leader in cybersecurity for the past 20 years, Coalfire combines extensive cloud expertise, advanced technology, and innovative approaches that fuel success.

Read More

PLATFORM SECURITY

BT launches transformational new security platform, Eagle-i, to predict and prevent cyber attacks

Relentless growth and ever-changing nature of the threat landscape dictates a new, proactive approach to cyber security Customers to benefit from advances in AI and automation, combined with BT's networking expertise, in transformational cyber defence platform Eagle-i builds on BT's recent security investment and partner ecosystem to address issues such as a more than 50 per cent increase in malware traffic over the last 6 months Business and public sector bodies continue to face an exponential growth in the volume and complexity of cyber attacks, with new research from BT identifying a more than 50 per cent increase in malware traffic over the last six months. Alongside a global shortage of skilled security professionals, organisations around the world are struggling to keep a lid on evolving cyber threats and maintain their defences. In response, BT is launching its most sophisticated cyber defence platform yet — Eagle-i. It combines BT's industry-leading network insight with advances in AI and automation to predict, detect and neutralise security threats before they get a chance to inflict damage. The platform has been designed to self-learn from the intelligence provided by each intervention, so that it constantly improves its threat knowledge and dynamically refines how it protects customers across a multi-cloud environment. Eagle-i will utilise an AI layer to provide real-time detection of issues and intelligent automated responses, enabling users to significantly speed up their reaction to security issues and outpace their cyber threats. It is also uniquely able to integrate with technologies from across the security ecosystem so that organisations can both optimise their capabilities and spot any holes in their defences without having to replace existing investments. The platform will underpin how BT protects its global operations and provide phased enhancements and increased functionalities for all BT's managed security services. Security is now at the top of the boardroom and government agenda yet many organisations are seeing their cyber risks increase to unmanageable levels. This situation demands a new, proactive approach. Eagle-i leverages the latest advances in AI and automation to continually monitor, learn and evolve so customers can stay a step ahead of cyber criminals. Kevin Brown, managing director, BT Security About BT BT Group is the UK's leading telecommunications and network provider and a leading provider of global communications services and solutions, serving customers in 180 countries. Its principal activities in the UK include the provision of fixed voice, mobile, broadband and TV (including Sport) and a range of products and services over converged fixed and mobile networks to consumer, business and public sector customers. For its global customers, BT provides managed services, security and network and IT infrastructure services to support their operations all over the world. BT consists of four customer-facing units: Consumer, Enterprise, Global and its wholly-owned subsidiary, Openreach, which provides access network services to over 650 communications provider customers who sell phone, broadband and Ethernet services to homes and businesses across the UK.

Read More

DATA SECURITY

Herjavec Group, a Global Cybersecurity Leader, Accelerates Growth with Acquisition of SEGMENTECH

Robert Herjavec, Founder & CEO of global cybersecurity firm Herjavec Group and a leading investor on the Emmy Award-winning show Shark Tank, proudly announces the strategic acquisition of SEGMENTECH, a North American cybersecurity services firm specializing in Identity and Access Management (IAM) & Privileged Access Management (PAM) solutions for enterprise customers. This acquisition further expands and accelerates Herjavec Group's leading IAM practice by adding world-class Privileged Access Management talent, specializing in implementations of CyberArk, a global leader in Identity Security. "As we have transitioned to a flexible workforce environment, businesses have been forced to accelerate and pivot their digital transformation," said, Robert Herjavec. "As a result, CIOS and CISOs are navigating a paradigm shift in cybersecurity, and the way their security environment needs to be set up. IAM and PAM have become foundational to all security programs, to ensure that the right people access the right data, at the right time, for the right reasons. As a result, we are experiencing a tremendous uptick in demand for services to implement comprehensive IAM and PAM programs." Founded in 2015 by Roy Levy and Boris Zaidfeld, SEGMENTECH is a leading provider of IAM & PAM services and is an expert advisor in DevSecOps and how to secure CI/CD processes. SEGMENTECH supports global enterprise customers through the implementation and expansion of IAM and PAM programs. Both Herjavec and SEGMENTECH are established partners of CyberArk. With this acquisition, Herjavec will further advance its privileged access management practice by putting CyberArk at the core, which enables a security-first approach to decreasing identity-led risk. This acquisition strengthens Herjavec Group's position as an Identity and Access Management leader and will benefit organizations seeking to fortify their cybersecurity defenses,CyberArk has strong relationships with both Herjavec and SEGMENTECH. Their commitment to investing in highly trained cybersecurity professionals, especially in the area of privileged access management, combined with expanded access to CyberArk-based Identity Security solutions, will dramatically improve security for our joint customers. Chris Moore, VP of Global Channel at CyberArk. Herjavec Group and SEGMENTECH customers will benefit from working with highly qualified professionals, including those who have achieved their Guardian certification, the highest level of CyberArk training and a proven track record of capabilities, ensuring enterprises can accelerate, improve, and manage their cybersecurity lifecycle. About Herjavec Group: Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world's most innovative cybersecurity operations leaders, and excel in complex, multi-vendor environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity and Access Management Services, Managed Security Services, Threat Management, and Incident Response. Herjavec Group operates across the United States, United Kingdom, India and Canada.

Read More