News Insights: Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach – Security Discovery

Dow Jones Data Breach. Security Discovery researchers found 2 million names in a database from the Dow Jones Risk Screening Watchlist. Security researcher Bob Diachenko yesterday announced his discovery of an exposed Dow Jones database on an AWS Elasticsearch instance. The data included personal details relating to what Diachenko identifies as “government officials, politicians and people of political influence in every country” as well as their relatives, close associates and the companies to which they’re linked. Dow Jones confirmed the breach but blamed others, telling Diachenko that “at this time our review suggests this resulted from an authorized third party’s misconfiguration of an AWS server and the data is no longer available.”

FULL ARTICLE: Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach – Security Discovery

 

News Insights:

Warren Poschman, senior solutions architect at comforte AG, commented, “In a regrettable trend, Dow Jones & Co. is yet another example of a company that has failed its customers without taking proper security measures – and twice now. Surely, heads will roll in their IT organization but it’s customers that are left unwhole by bearing the pain of identity theft and privacy failures. Really, it’s a classic case of a company wanting to invest in the cool technology, in this case Elasticsearch and AWS S3 buckets, but not understanding the security ramifications of that technology. Organizations need to adopt data security to protect their data, wherever it may exist or whoever may be managing it on their behalf.”

He added, “A data-centric security model allows a company to protect data and use it while it is protected for analytics and data sharing on cloud-based resources. These incidents would have been preventable with such a model – and if a third party or partner has a security lapse, instead of trying to shift blame, Dow Jones would be talking about how it proactively protected its customers from such threats.”