Film Festival Website Leak and Data Theft by Former Employee

Once again, we've rounded up two information security incidents worth knowing about with a short report to keep you informed.

Let's start our review with the incident of leaking data from a website of the International Film Festival of India (IFFI). 

IFFI is one of the largest film festivals in Asia, providing one of major cinema event. It has been held annually since 1975. This year's festival will take place from 20 to 28 November, with registration started in September.

Information on those who already registered for the festival was exposed. This happened because the file storage with files was publicly available via a specific URL. Theoretically, anyone could access the personal information of those, who have applied for the festival. The exposed information included:

  • Government ID
  • Phone numbers
  • Addresses 
  • Dates of birth 
  • Registrant's portfolio or filmography.

Allegedly, after notifying IFFI of the vulnerability, access to the repository was closed.

Let's move on to the leak of data on 9 million people. The Nippon Telegraph and Telephone Corporation, a Japanese telecommunication holding company, reported an incident in which the former temporary employee of a subsidiary illegally accessed the following information over a period of 10 years: 

  • Names 
  • Addresses
  • Telephone numbers
  • Credit card details in some cases.

The data was stored on the call center system server and it is believed that a suspected employee responsible for operating and maintaining the call center system took the information out of the company using a USB stick.

The investigation revealed that the server wasn’t protected appropriately and that the data was freely accessible.

Osaka police enforcements are currently investigating the incident. The company is said to have recognized weaknesses in its data management.

To gain confidence in your organization’s information security and avoid similar incidents, use our Risk Monitor. It can help protect your company from financial and reputational losses due to internal threats.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.