Recently I discovered a non-password protected database that contained 9,098,506 records and Personally Identifiable Information (PII). This data contained credit card processing information that included merchant names, payee names, partial credit card numbers, expiration date, email address, security or access tokens, and more. Upon further research there were references to California based Cornerstone Payment Systems.
Credit and financial data is highly sensitive due to the fact that nearly all cybercrime is financially motivated. If criminals had partial credit card numbers, account or transaction information, names, contacts, and donation comments, they could hypothetically establish a profile on those individuals based on their religious affiliation or causes they are passionate about. These criminals could then launch a highly targeted phishing campaign or social engineering attack. It is estimated that 98% of cyber attacks involve some form of social engineering. This publicly exposed dataset could have been a potential goldmine to cybercriminals to work from.
Stay ahead of cyber threats with Security Discovery. We offer expert consulting, comprehensive services, and a powerful vulnerability monitoring SaaS platform. Protect your business proactively - get in touch today for personalized digital security solutions.