Remember meForgot password?
    Log in with Twitter

article imageCenturyLinks' suffers data breach with cloud computing system Special

By Tim Sandle     Oct 27, 2019 in Technology
CenturyLink has reported that a customer information database of 2.8 million records was found exposed. The database was affiliated with a third-party notification platform and has been exposed for 10 months.
With the CenturyLink issue, the personal information of hundreds of thousands on CenturyLink customers, including name, addresses, email addresses, and phone numbers was exposed online during October 2019.
CenturyLink said in a statement sent to Comparitech that “The data involved appears to be primarily contact information and we do not have reason to believe that any financial or other sensitive information was compromised. CenturyLink is in the process of communicating with the affected customers.” Nevertheless, the data breach raises some concerns and it is a further example of highly sensitive consumer data left exposed because of a simple security mistake.
To understand the significance of the data breach, Digital Journal spoke with DivvyCloud Co-Founder and CTO Chris DeRamus. DeRamus looks at the increasing number of data breaches caused by misconfigurations and the proper security strategies and steps that need to be enforced by companies to mitigate this risk.
DeRamus begins by placing the data breach in context with other data-issues that are affecting the business community, largely through poor design: “The recent CenturyLink MongoDB database leak is just one of a long list of serious data breaches caused by misconfigurations.”
In terms of parallel cases, DeRamus notes: “It was just earlier this year when security researchers discovered’s unprotected, publicly accessible MongoDB database, exposing nearly 809 million records containing employee and business data.”
Such weaknesses mean that enterprises need to safeguard data more securely. DeRamus notes: “Within every company, data is king and collecting, storing and leveraging data is essential to running a business effectively. Companies need to ensure proper security in their own IT environments, but also ensure that their partners, vendors and other connected parties are leveraging best practices and advanced tools to keep data safe.”
In terms of the fundamental issues, DeRamus sees the way that firms approach data handling as common cause for errors. Here he finds: “A common, troublesome theme we see is companies adding on security services piecemeal each time a new digital service is deployed instead of investing in an innovative strategy that is adaptable, scalable and automated. Such security solutions, that evolve with a company’s business needs, enable innovation while still protecting critical data and infrastructure.”
Based on this, he outlines the most appropriate solution: “In this incident, and in almost all of the incidents involving misconfigured cloud databases, automated cloud security solutions would have been able to detect the misconfiguration in real time and either trigger immediate remediation, alert the appropriate personnel to address the issue, or prevent the misconfiguration from ever being put into production in the first place.”
More about Data breach, Cyberattack, Cybersecurity, CenturyLinks
Latest News
Top News