Tech Data Leaked 264GB in Client and Business Data (Jun 7, 2019)
IT infrastructure company Tech Data was the source of a data leak that exposed 264GB in client and business data to the public. According to vpnMentor researchers, a log management server was leaking system-wide information, exposing “payment information, PII, and full company and account details for end-users and MSPs.” Client API keys, bank and payment information, and usernames and unencrypted passwords were exposed, as well as employee Personally Identifiable Information, including full names, phone numbers, and physical addresses. The exposed database was discovered on June 2, 2019 and was fixed within 48 hours.
Recommendation: Leaks of this sort causes individuals to be at a large risk of phishing attacks. Actors can use this information to coerce more personal data from the victim. Users should also monitor their credit in order to make sure that nothing out of the ordinary is happening and no identity fraud is being committed. Additionally, because usernames and passwords were exposed in this instance, users should remember to utilize different passwords for all accounts to avoid personal credentials being accessible to threat actors.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.