A Cayman Island investment firm has removed years of backups, which up until recently were easily available online thanks to a misconfigured Microsoft Azure blob. The blob’s single URL led to vast stores of files including personal banking information, passport data and even online banking PINs — which in addition to a security problem, presents a potential public-relations nightmare for a firm in the business of discreet, anonymous offshore financial transactions.
The massive cybersecurity blunder was pointed out by a researcher to The Register, which agreed not to disclose the name of the compromised bank in return for details about how this happened. Once evidence was given to the bank of the exposed data, the information was passed onto a bank staffer with a college computer science background, the report added. There was no one else on staff specifically dedicated to cybersecurity.