Huge Data Leak Could Have Been Prevented with Proper Configurations

What happens when your company configures something on its infrastructure incorrectly? It turns out, according to a recent data leak, that a lot can go wrong, especially in regards to cybersecurity and the privacy of sensitive records. The affected software was not an unknown third-party application, but was actually Microsoft! How did one of the world’s largest software developers put out software that potentially exposed millions of records? Let’s dig into the details.

The data leak in question affected users of Microsoft’s Power Apps, a software that is widely used by many companies and organizations to share data, including such big-name organizations and agencies such as American Airlines, Maryland’s health department, and New York’s Metropolitan Transport Authority. This data leak was discovered by cybersecurity researchers at UpGuard, who promptly notified Microsoft after determining that the data leak was a potential security issue.

The issue has since been resolved, but throughout the duration in which the data leak was still active, information such as names, Social Security numbers, phone numbers, dates of birth, vaccination records, demographic information, and other sensitive information was unsecured and, therefore, could have been stolen or compromised by hackers. While this information was unsecured and could have been accessed at any point during this time, there is no indication that it was accessed in any improper way.

The crazy thing about this whole fiasco is that Microsoft claims that the application was working as intended and that the root of the issue was the way that the software itself defaulted to a setting that allowed for this type of data leak. Microsoft has yet to comment on why the default setting led to such a lack of security, but they have since adjusted the default settings to allow for greater privacy. Still, this does not necessarily excuse the lax privacy settings that the program defaulted to.

It all goes to show that you can never be too sure that your business’ sensitive information is properly secured, as the consequences of having said data leak can be quite devastating. Under ordinary circumstances, a security audit could have been used to identify this risk, but the fact that nobody knew that this was a concern meant that nobody was actively looking for it and, therefore, the security issue flew under the radar for far too long. It’s just one reason why you need to be extraordinarily careful with any sort of configurations your company makes to any tools that are used to store, share, or disseminate information like any records listed above.

Datalyst can help your business ensure that all of its system settings are properly configured, as well as work toward properly securing sensitive information of all types. With us on your side, you’ll never need to worry about whether or not you are unknowingly putting information at risk. We can monitor your network, perform security audits, and fulfill just about any other tasks that need to occur to keep your business as secure as possible.

To learn more, contact the cybersecurity experts of Datalyst at (774) 213-9701.