4 Major Breaches in 2020 and How They Could Have Been Mitigated (Part 1)

Jan 13, 2021 / by SecureCloudDB

2020 will go down in infamy for many reasons, but as millions of people have struggled with a pandemic throughout the past year, organizations have had their own crises to deal with. With more activity in the cloud than ever before, data breaches have affected everyone from small businesses to Fortune 500 companies. In this four part series, we look back on notable breaches from 2020 and discuss how SecureCloudDB could have been employed as part of a layered defense strategy to alleviate, if not prevent, incidents like them.   

Part one covers the Estée Lauder breach that occurred at the beginning of 2020.

 

Half a Billion Records Exposed

An unprotected Estée Lauder database containing upwards of 440 million records including emails, IP addresses and internal logs/reference documents was discovered in January 2020. Per the security research report, no passwords or encryption were utilized to secure the database and from what was revealed, the database seems to have been forgotten and left open. Anyone with an internet connection could have accessed and stolen the data.

 

How SecureCloudDB Can Help - Database and Backup Reporting

SecureCloudDB provides an inventory of an organization’s databases across multiple cloud accounts, reporting on:

  • Database Sovereignty: This report provides an overview of where data is located around the world, across all accounts.
  • Security Violations: This report provides a full history of any violations discovered across all accounts.
  • Risk Assessment: This report provides an overview of risk across services, accounts, and regions based on our proprietary risk assessment.
  • Encryption Status: This report includes a point-in-time snapshot of an organization's encryption posture across all accounts.

A full inventory of backups across different services, which includes a view on whether or not backups are encrypted, as well as a Backup Sovereignty report are also available.

This detail provides a full representation of an organization's environment and an accurate overview of encryption posture to ensure that administrators don’t leave a database, or backup, sitting in the open unprotected.

 

SecureCloudDB Database Inventory Report

Database Inventory Report accessible in SecureCloudDB by selecting "Foundational Security" in the main menu; "Inventory" in the submenu; then "Databases".

SecureCloudDB Backups Inventory Report

Backups Inventory Report accessible in SecureCloudDB by selecting "Foundational Security" in the main menu; "Inventory" in the submenu; then "Backups".

 

Protecting Data At the Source Has Never Been More Critical

We all want to believe that our environment is impenetrable, but history has shown that no organization is immune from threats. Whether it’s poorly configured databases, weak passwords/encryption or a rogue employee, events have shown us that being ahead of the threat is key to countering it. Failure to combat an attack no matter how small can lead to outages as well as financial and reputational consequences.

The monitoring and assessment of database environments is crucial. With SecureCloudDB, putting safeguards in place to help prevent public cloud database breaches in 2021 and beyond has never been easier.

 

Look for part two of this series where we review the Microsoft breach; part three where we highlight the Garmin breach; and part four where we discuss Shopify’s internal employee breach.

 

New to SecureCloudDB? Sign up for a demo or free trial today. Already a partner or customer? Contact your SecureCloudDB representative to discuss how we can help make your experience even better. 

 

Tags: Data Breaches

Written by SecureCloudDB