#Fail: Dow Jones Exposes Data Of Millions Of Customers Via “Semi Public” S3 Storage

Hot off the heels of Verizon exposing the data of 14 million people via a wide open Amazon S3 data bucket, comes this story of the security firm who found that #Fail finding that Dow Jones had a “semi public” Amazon S3 data bucket that exposed the records of 2+ million customers to the entire planet:

The UpGuard Cyber Risk Team can now report that a cloud-based file repository owned by financial publishing firm Dow Jones & Company, that had been configured to allow semi-public access exposed the sensitive personal and financial details of millions of the company’s customers. While Dow Jones has confirmed that at least 2.2 million customers were affected, UpGuard calculations put the number closer to 4 million accounts.

The exposed data includes the names, addresses, account information, email addresses, and last four digits of credit card numbers of millions of subscribers to Dow Jones publications like The Wall Street Journal and Barron’s. Also exposed in the cloud leak were the details of 1.6 million entries in a suite of databases known as Dow Jones Risk and Compliance, a set of subscription-only corporate intelligence programs used largely by financial institutions for compliance with anti-money laundering regulations.

What’s worse is that Dow Jones had a “sluggish” response to this when it came to notifying their customers. That too is a #fail. This is why this sort of thing needs to be aggressively policed and punished. Otherwise, we are all at risk.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: