Commenting on the news is Jonathan Deveaux, head of enterprise data protection for comforte:
“In the case of this data breach, or data exposure, the unprotected data was open and available for about a week, according to the report. Forensics from past data breaches have revealed that outside access to data was typically available for months, and sometimes years. Therefore, one might say that the owners of this database were ‘lucky’ that the data was only exposed for a week.
Another interesting detail about this data exposure incident is that the personal information resided in a MongoDB database. A quick view of the MongoDB website states that it is a document database that is highly scalable and flexible. And it’s free and open source. Does technology that is free and open source mean it’s unsecured? NO, but often data protection and privacy are applied *after* the initial objectives are met. This could mean that data is exposed and is unprotected for a while.
It is the responsibility of the administrator of the database, and ultimately the organisation collecting and storing the data, to enact effective data protection and privacy methods. An 854GB cache of data with 200 million records initially doesn’t seem to be small; however, in the daily workload of an organisation, it is possible that securing this database may have been missed.
No matter what the reason is behind this data exposure, this incident surely points out that any kind of data could be at risk at any given time. More must be done to consider data protection and privacy at the earliest point of entry into databases, files, and other stored areas, so as to minimise exposures of all sizes.”