In today’s IS news roundup, we will explore the details of the FlightAware and Enzo Biochem cases.

On August 19th, a popular flight tracking platform, FlightAware, disclosed experiencing a data security incident. In this regard, the company asked all potentially impacted users to reset their account login passwords. The shocking part of the story is that the incident was caused by a configuration error that has not been noticed since January 1, 2021. The problem was only discovered on July 25, 2024. According to FlightAware’s notice, exposed data may have included:

• User IDs
• Passwords
• Email addresses

Depending on the information users provided, the leaked data may also have included full names, billing and shipping addresses, IP addresses, social media accounts, telephone numbers, birth dates, the last four digits of credit card numbers, Social Security numbers, information about aircraft owned, industry, title, pilot status (yes/no), and account activity.

A similar carelessness led Enzo Biochem, a diagnostic testing provider, to a $4.5 million penalty. This penalty was issued due to a 2023 April ransomware attack that impacted 2.4 million patients. 

The investigation revealed that five employees of Enzo were sharing two login credentials, one of which had not been changed for about 10 years. Hackers managed to access the company’s systems and install malicious software using these two staff members’ login credentials.

The information compromised as a result of the breach included:

• Names
• Addresses
• Phone numbers
• Dates of birth
• Social Security numbers
• Medical treatment information

As you can see, many serious data-related incidents are rooted in internal factors. If you want to mitigate such risks and provide your organization with a quality yet affordable solution, consider SearchInform Managed Security Services. The service allows users to get all the key aspects of internal security under control without creating a financial burden. Click here and get a 30-day free trial.