  • Last organisation I worked for—not for profit, health—had around 17,500 employees. One of the cybersecurity managers had every employee's details and devices on a Google Sheet private account that anyone could see if they had the share URL.

    Home addresses, phone numbers, MAC addresses, IMEIs, columns of PII…

    I started getting all sorts of unsolicited contact and 2-step authentication alerts “randomly” after two months there, and 8 months later REvil successfully ransomwared for $3.4M.

    So when I found this sheet and no one took it seriously, I declared an internal data breach, submitted it to the fed—as you legally must in this country—and shit hit the fan for that department.