En
En
Products
SearchInform DLP
SearchInform Risk Monitor
SearchInform ProfileCenter
SearchInform FileAuditor
Data protection and classification
Access rights audit
User activity audit, investigation
Compliance
Use case: access control and change management
Use case: user behavior and insider detection
Use case: eDiscovery
Use case: file cleanup
SearchInform SIEM
TimeInformer
Cloud solutions
Third-party integration
Services
Services
SearchInform for MSSP
How to max out SearchInform services
Compliance
Saudi Arabian Monetary Authority
GDPR compliance with SearchInform
Personal Data Protection Bill
Resources
White Papers
Research
How to
Practices and use cases
Videos
Partners
Become a Partner
Partner login
Contact us
Products
SearchInform DLP
SearchInform Risk Monitor
SearchInform ProfileCenter
SearchInform FileAuditor
SearchInform SIEM
TimeInformer
Cloud solutions
Third-party integration
Services
Services
SearchInform for MSSP
How to max out SearchInform services
Compliance
Saudi Arabian Monetary Authority
GDPR compliance with SearchInform
Personal Data Protection Bill
Resources
White Papers
Research
How to
Practices and use cases
Videos
Partners
Become a Partner
Partner login
Contact Us
Book a return call
HomeBlogRansom Demand for Human Error and Two-year Data Leakage
BACK TO BLOG LIST
Ransom Demand for Human Error and Two-year Data Leakage
13.09.2023

Today we will examine two recent instances of data disclosure, both of which, as is often the case, have resulted in serious financial and reputational losses for the companies involved.

Trygg-Hansa, a Swedish company that provides consulting services and insurance to individuals, private and public organisations, kept the data of 650,000 customers in the public domain for more than two years.

The incident came to light when The Swedish Authority for Privacy Protection (IMY) received a tip-off from one of Trygg-Hansa's customers that the insurer's backend could be accessed via links on quotation pages sent to clients. The links in question contained a URL to the pricing page of the organization’s website and were sent to all current and potential customers.

Following an investigation, IMY claims that the data was accessible to unauthorized individuals from late 2018 to early 2021. According to the investigation, the following personal information of Trygg-Hansa customers was compromised:

  • Сondition details
  • Financial information
  • Contact details
  • Social security numbers (SSN)
  • Insurance details.

IMY alleges that Trygg-Hansa failed to correct the error for some time after receiving notification, and that the data was still openly available. In September 2023, IMY imposed a fine of $3 million on Trygg-Hansa.

The second incident occurred at Cyberport Hong Kong, a digital technology flagship and entrepreneurship incubator. 400GB of data has been leaked online, including personal details of employees of Cyberport and some start-up companies: HKID card numbers, bank statements, lease agreements, receipts, audit reports, resumes.

On 12 September 2023, a Cyberport spokesperson said that the leaked information had been mistakenly stored on a public drive on the company's server, which was subsequently hacked. Sensitive data, he said, should not have been stored on the disc in the first place.

The criminals demanded a ransom of $300,000 and additionally put the data up for sale online. The data was published on the Darknet after the ransom was not paid.

A spokesman for Cyberport also said that the company had not considered paying the ransom and that the incident had caused significant damage to the company's image.

Read about another recent data leak that was caused by a human error on the part of a ShopBack employee.

BACK TO BLOG LIST
Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.
Products and Services
FileAuditor
DLP
Risk Monitor
ProfileCenter
SIEM
MSSP
Cloud Deployment
Company
Contact
About Our Company
Company Portfolio
Our Clients
Press About Us
Press Kit
Resources
White Papers
Third-party integration
Research
Practices and use cases
Videos
News
Company News
Product News
Events
Blog
Challenges
Compliance
Data Loss Prevention
Investigation
Data at Rest Discovery
Data Encryption
Data Visibility
Data Classification and Protection
Data at Rest Discovery
Time Tracking and Employee
Monitoring
Corporate Fraud Mitigation
Roles
C-level executive
Risk manager
Internal audit officer
Compliance manager
Information security analyst
Chief Human Resources Officer
Industries
Business Services
Education
Financial Services
Government
Insurance
Manufacturing
Healthcare
Retail
Energy
Hospitality
Construction
Partners
Become a partner
Partner login
SearchInform products are recognized by
Gartner The Radicati Group
Follow us:
© 2024 SearchInform LTD All rights reserved.
Terms of Use
Licence
Privacy&Cookies