The Challenge With Cloud Apps – Unsecured Databases
In one example among dozens of known breaches, and likely thousands of similar situations that never get reported, security researcher Jeremiah Fowler discovered a non-password-protected, unsecured (sort of redundant) database containing 38.6 million records belonging to legal support services company Rapid Legal.
The information left exposed included court documents, service agreements, payment information and PII.
The documents went back to 2009.
Additional research turned up another database, which contained 89,000 records belonging to Legal Connect. The two companies share leadership.
The service claims to have 32,000 law firm customers and to have transmitted over 7 million orders and 11 million legal documents.
Talk about a worst nightmare – 32,000 law firms trying to figure out who is going to sue you.
But the challenge for any user, whether a consumer or a business, is that it is hard to verify whether a cloud service provider takes security seriously. (Full disclosure: we offer a service to customers that helps them vet the security of cloud services they are considering using.) It is especially hard for consumers, since they don’t have internal legal teams, IT departments or security teams.
Will this change things? I doubt it, but the more knowledgeable people are, the more likely they are to start asking questions. And the more likely it is that companies will seek out experts to help them figure out the right solution.
Which, in this case, might have been embarrassing. Or saved some law firms from having to deal with upset clients.
Credit: Hackread