The investigation, as Bleeping Computer reports, indicates that the personal information related to hundreds of sports journalists and volleyball players. After the storage blob was discovered back in November 2020, the sports organization (Confédération Européenne de Volleyball) was contacted multiple times to secure it. It is unclear when or how the data was finally secured, however it was confirmed on January 29, 2021 that the exposed bucket is now closed.
Looking into the issue for Digital Journal is Anurag Kahol, CTO and co-founder of Bitglass.
Kahol begins his analysis by reviewing what types of personal identifiable information was at risk, noting: “The exposed cloud storage bucket contained sensitive documents on sports journalists and volleyball players, including passports, driver licenses, and other identity documents.”
He then adds that the event was one among many: “This is one of many recent incidents we have seen involving exposed information due to a preventable security mishap. Although cloud security is a shared responsibility between the cloud storage provider and the customer organization, the onus is on the customer to ensure all data is protected. In fact, Gartner predicts that 99 percent of cloud security mishaps will be the result of the customer’s wrongdoing through 2025.”
In terms of the implications, Kahol explains: “When highly sensitive personally identifiable information (PII) is on the line, there is no margin for error. As organizations migrate their data to the cloud, advanced, cloud-specific security controls must be enforced to secure data as it travels across third-party services, organizations, and devices. ”
Finally, in terms of what can be done, Kahol recommends: “To prevent data leakage, companies can adopt solutions like cloud security posture management (CSPM), multi-factor authentication (MFA), data loss prevention (DLP), and user and entity behavior analytics (UEBA). Only then can they ensure full control and visibility of data wherever it goes.”
