
Andersen Corporation leaks customer home photos and addresses

Construction and home renovation giant Andersen Corporation exposed clients’ private data, including home photos and addresses.


Paulina Okunytė Senior Journalist
Feb 2, 2023. Updated: 5 February 2023

Vulnerable to burglary and identity theft

Screenshot of the document with the client’s home photos
Screenshot of “savedata” file containing signature hashes. Judging by the length of the hashes, they could be digital copies of physical signatures.

Company’s response

JSON file containing customer names, phone numbers, email addresses, and physical addresses

How to protect yourself

  • Monitor financial accounts: Keep an eye on your bank and credit card statements for suspicious activity. If you notice any unauthorized transactions, you should report them to your bank immediately.
  • Be wary of phishing scams: Scammers may use the leaked information to send phishing emails or make phone calls pretending to be a legitimate company. You should be cautious about clicking on links or providing personal information in these messages.
  • Monitor credit report: You should check your credit report to ensure no unauthorized accounts or loans are opened in your name.
  • Ensure security at home: Unfortunately, not much can be done to remediate the effects of having home addresses and photos leaked, apart from taking steps to secure the physical home, like installing home security systems.

Data leak could have been prevented

  • Access control: Azure Storage blobs support various access control mechanisms, such as Azure Active Directory authentication and Role-Based Access Control (RBAC). Using these tools can restrict access to the blob to only authorized users.
  • Network security: Access to the blob should be limited to trusted internal networks only. Network security groups can be used to restrict access to the blob from specific IP addresses or virtual networks.
  • Encryption: Azure Storage blobs support server-side encryption that encrypts the stored data and protects it if an unauthorized user accidentally gains access to the blob.
  • Auditing and logging: Azure Storage blobs support auditing and logging, which helps to detect, track and investigate unauthorized access.
  • Regular review: A company should regularly review the access control, network security, encryption, and auditing/logging settings to ensure they are still appropriate and effective.
  • Employee training: Employee training on data security and handling sensitive information is essential to prevent human errors that can lead to data breaches.
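
The regular review described above can be automated. The following is an added example, not code from the article or from Andersen Corporation: it checks a storage account's settings for anonymous access, network default action and blob encryption. The account and container names are hypothetical, and the sample JSON is constructed in the shape of Azure Resource Manager output.

```python
import json

# Constructed sample, shaped like Azure Resource Manager JSON for a storage
# account and its blob containers (all names are hypothetical).
SAMPLE = json.loads("""
{
  "account": {"name": "examplestorage", "properties": {
    "allowBlobPublicAccess": true,
    "networkAcls": {"defaultAction": "Allow"},
    "encryption": {"services": {"blob": {"enabled": true}}}}},
  "containers": [
    {"name": "customer-docs", "properties": {"publicAccess": "Container"}},
    {"name": "internal", "properties": {"publicAccess": "None"}}]
}
""")


def audit_storage(doc):
    """Return (resource, finding) pairs for settings that expose blob data."""
    findings = []
    acct = doc["account"]
    name = acct.get("name", "<unknown>")
    props = acct.get("properties", {})
    # Access control: fail closed, so a missing value counts as unsafe.
    if props.get("allowBlobPublicAccess", True):
        findings.append((name, "account allows anonymous blob access"))
    # Network security: anything other than default Deny is reachable broadly.
    if props.get("networkAcls", {}).get("defaultAction", "Allow") != "Deny":
        findings.append((name, "network default action is not Deny"))
    # Encryption: server-side encryption for the blob service.
    blob_enc = props.get("encryption", {}).get("services", {}).get("blob", {})
    if not blob_enc.get("enabled", False):
        findings.append((name, "blob server-side encryption not enabled"))
    # Per-container anonymous access level: None, Blob or Container.
    for c in doc.get("containers", []):
        level = c.get("properties", {}).get("publicAccess") or "None"
        if level != "None":
            findings.append((f"{name}/{c['name']}",
                             f"container public access level is {level}"))
    return findings


if __name__ == "__main__":
    for resource, finding in audit_storage(SAMPLE):
        print(f"{resource}: {finding}")
```

Run on a schedule against exported account settings, a non-empty result is the signal to investigate before the data is found by someone else.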