A forgotten database led to a breach of 2.1 million people's DNA data

  • 2023-02-22 08:00:00
  • Gizmodo

A forgotten database.

This is exactly the kind of thing we're observing in today's unmanaged IT DevOps and development activities.

Thousands of cloud services, S3 buckets, compute instances and containers are deployed daily to speed up the deployment and development of new (old) solutions, and they are not assessed, not tracked, not recorded anywhere. The consequences are devastating in the medium to long term:

  • costs
  • environmental impact
  • security

As in the 2021 case in which a prominent DNA testing facility suffered a massive data breach: a "forgotten database" was breached and biological data from 2.1 million individuals was exfiltrated.

A - FORGOTTEN - DATABASE.

I can't even start listing the number of failures there were:

  • incomplete migration project
  • unsecured systems
  • lack of audits
  • lack of spending reviews
  • lack of vulnerability assessments (VAs)
  • total failure in IT Governance.

The company will now pay $400,000 in fines and is committing to "beef up their security".

What caught my attention about this story (nothing new) is what the Attorney General said:

"Negligence is not an excuse for letting consumer data get stolen"

Be well, be safe, be aware.