Every day, companies faced security challenges in maintaining their data secured from cyber-attacks. A data breach results from successful cyber-attacks that permit cyber criminals to access a company’s sensitive data. The exploitation of the data can happen anytime to any organization. However, cyber-attack is not the only cause of why data breaches are happening worldwide. Some are due to the employees’ negligence such as human error, lost or stolen devices, third-party mistakes and error in the system, or technical glitch. Recently, a report showed that Imobiliare has suffered from a data breach.
Imobiliare is the largest real estate company in Romania where real estate agents and individuals can advertise their offers on the company’s portal.
It was launched in the year 2000 and records 1 million site visitors per month. The company promotes residential and commercial complexes and attains partnerships with publications and portals.
The discovered stolen data from the company was exposed with no encryption or password protection.
A team of web developers have conducted a scan to check the company’s server’s potential vulnerabilities and later found out that the data stored in the AWS S3 Bucket were left unsecured. This intentional or unintentional misconfiguration attracts the attackers to steal the data that could escalate to catastrophic consequences.
Details of the stolen loose data
A data breach in a company that contains a large number of client’s information has a significant impact on an individual’s PII (Personally Identifiable Information). This type of stolen data usually ends up on the Dark Web. Thieves specifically target PII as it has the highest cost per record among breaches averaging from $150 per lost or stolen record. The amount can even go higher to $175 when the compromised data was caused by a malicious attack or insider.
In the report, there are a total of 200,000 Imobiliare exposed records that were stored in 35,738 PDF and 165,316 JPG files data that includes PII (Personally Identifiable Information) such as full names, phone numbers, home address, email address, CNP Number (Cod Numeric Personal – Personal Numeric Code, a unique identifying number), and personal signatures. The other records include client’s real estate contracts between clients and the agency, property documents including architectural plans, detailed specifications, and property locations, land extracts and ANCPI documents (National Agency for Cadastre and Advertising), user profile images, scanned copies of national ID cards including identifying codes, requested price of the property, and detailed description of properties including location, surroundings, and local services.
Data breach creates a reputational impact on the company, loss of revenue, operational disruptions, and legal implications. The affected individuals can cause a stolen identity, personal safety, and misrepresentation that damage an individual’s reputation.
As of today, the affected number of people from the data breach remains unidentified. The stolen information record does not reflect the approximate number of the affected people as others contained various information per individual. The affected company should develop a robust data security policy that will improve their processes and procedures to prevent a data breach in the future.