The personally identifiable information (PII) of almost 90% of Panama’s population has been divulged due to an unsecured Elasticsearch server. The server was found without authentication or firewall protection, connected to the internet, and publicly viewable on any browser. Given that Panama’s population is estimated at 4.1 million, the leaky server, which contained over 3.4 million user records, effectively exposed online the sensitive information of the majority of Panamanians.
The unsecured Elasticsearch server was found and divulged by security researcher Bob Diachenko over the weekend and also reported to Panama’s Computer Emergency Response Team (CERT). Interestingly, in 2018, Diachenko also caught an Elasticsearch server that leaked 57 million PII of American citizens for a period of two weeks.
According to Diachenko, the database exposed records which include a user’s full name, date of birth, national ID number, medical insurance number, contact details, and other information. However, it should be noted that not all entries contained the same type of information. Patients’ medical records, past conditions, as well as treatment information were not found in the database, according to an interview Diachenko did with ZDNet.
As of writing time, it is still not clear to which government agency or business entity the leaky server belongs.
With misconfigured servers come great risks, including data breaches, malware installations, and remote code execution, to name a few. While vendors are responsible for ensuring that their server services are secure, organizations are responsible for adopting a security policy that takes into account the proper configuration of their storage infrastructure. This is known as the shared responsibility model, which, if successfully implemented in organizations, can minimize data breach incidents and save organizations from financial and reputational woes.
At the onset of new data privacy laws and a year of GDPR implementation, enterprises are expected to protect their customers’ data and privacy. Here are a few steps to take in order to better protect your organization and customers’ data:
Organizations should choose the right cloud security solution for their organizations based on what can give them the most protection. The Trend Micro™ Deep Security™ for Cloud solution can provide proactive detection and prevention of threats, while Hybrid Cloud Security provides optimal security for hybrid environments that incorporate physical, virtual, and cloud workloads.
With data breaches becoming endemic in the ever-expanding threat landscape, organizations can also benefit from managed detection and response (MDR), a proactive approach to ensuring that security gaps and data breaches are immediately remediated.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.