The personally identifiable information (PII) of almost 90% of Panama’s population has been divulged due to an unsecured Elasticsearch server. The server was found without authentication or firewall protection, connected to the internet, and publicly viewable in any browser. Given that Panama’s population is estimated at 4.1 million, the leaky server, which contained over 3.4 million user records, effectively exposed online the sensitive information of the majority of Panamanians.
The unsecured Elasticsearch server was found and disclosed by security researcher Bob Diachenko over the weekend and was also reported to Panama’s Computer Emergency Response Team (CERT). Interestingly, in 2018, Diachenko also caught an Elasticsearch server that leaked 57 million PII records of American citizens for a period of two weeks.
According to Diachenko, the database exposed records which include a user’s full name, date of birth, national ID number, medical insurance number, contact details, and other information. However, it should be noted that not all entries contained the same type of information. Patients’ medical records, past conditions, as well as treatment information were not found in the database, according to an interview Diachenko did with ZDNet.
At the time of writing, it is still not clear to which government agency or business entity the leaky server belongs.
Exposed servers expose organizations to big risks
With misconfigured servers come great risks, including data breaches, malware installations, and remote code execution, to name a few. While vendors are responsible for ensuring that their server services are secure, organizations are responsible for adopting a security policy that takes into account the proper configuration of their storage infrastructure. This is known as the shared responsibility model, which, if successfully implemented in organizations, can minimize data breach incidents and save organizations from financial and reputational woes.
At the onset of new data privacy laws and a year of GDPR implementation, enterprises are expected to protect their customers’ data and privacy. Here are a few steps to take in order to better protect your organization and customers’ data:
Educate all company employees on security policies and contingency plans, on how to identify attack incidents and trends in social engineering, and on what to do when they happen.
Practice network segmentation and data categorization. Network segmentation means assigning different networks for different functions or device types. It gives IT administrators better visibility into the components and traffic of the network, and enables them to protect, remove, or install each segment when necessary. Data categorization means classifying datasets from low value to high value and restricting which personnel and officers have access to each identified level of importance. It also helps the organization assess which datasets need more layers of protection to minimize damage in the event of an intrusion. The firewall is a typical first layer of protection: a barrier that sifts information passing through networks from external systems, analyzing data and rejecting malicious data according to preconfigured rules set by the admins.
Identify the weak spots in your organization’s security infrastructure and implement intrusion-preventive measures accordingly.
Secure networks, servers, gateways, and endpoints. Make sure that all systems download patches regularly. Install security solutions that provide multilayered protection and easy patch management.
With data breaches becoming endemic in the ever-expanding threat landscape, organizations can also benefit from managed detection and response (MDR), a proactive approach to ensuring that security gaps and data breaches are immediately remediated.
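The exposure described in this article (an Elasticsearch server with no authentication, reachable from the internet) can be checked for in an organization's own settings before deployment. The following is an added example, not code from the article or from Elasticsearch; the two sample configurations are constructed, and the parser assumes flat `key: value` lines as commonly written in `elasticsearch.yml`.

```python
import ipaddress

# Constructed sample settings; not taken from the incident in the article.
EXPOSED = "cluster.name: records\nnetwork.host: 0.0.0.0\nxpack.security.enabled: false\n"
HARDENED = ("cluster.name: records\nnetwork.host: 10.20.0.15\n"
            "xpack.security.enabled: true\nxpack.security.http.ssl.enabled: true\n")

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines; nested YAML is out of scope here."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def binds_beyond_private(host):
    """True if the bind value can accept traffic from outside loopback/private ranges."""
    if host in ("_local_", "_site_", "localhost"):
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True    # _global_, hostnames, unknown tokens: cannot prove private
    if ip.is_unspecified:                              # 0.0.0.0 or :: means every interface
        return True
    return not (ip.is_loopback or ip.is_private)

def audit(text):
    """Return a list of findings for one configuration; an empty list means none."""
    s = parse_flat_yaml(text)
    findings = []
    # http.host overrides network.host for the HTTP API; the default is loopback.
    host = s.get("http.host", s.get("network.host", "_local_"))
    exposed = binds_beyond_private(host)
    auth = s.get("xpack.security.enabled")
    if exposed:
        findings.append(f"HTTP API bound to {host}: reachable unless a firewall blocks it")
    if auth != "true":
        state = "disabled" if auth == "false" else "not set (default depends on version)"
        findings.append(f"authentication {state}")
    elif s.get("xpack.security.http.ssl.enabled") != "true":
        findings.append("authentication enabled but HTTP TLS is off: credentials in cleartext")
    if exposed and auth != "true":
        findings.append("CRITICAL: unauthenticated and network-reachable")
    return findings

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

A clean result only covers the settings file; firewall rules and cloud security groups still need to be verified separately.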