Back to Vulnerability

Vulnerability

Lack of vulnerability scanning causes a breach of insurance customers' personal data

It seems like each day a data breach or vulnerability leads to an organization's customer data being exposed. The breaches that are the most disappointing to hear about are the ones that happen due to vulnerabilities or misconfigurations because these attacks are entirely preventable. The most recent company to learn this lesson is Maryland Joint Insurance Association (MJIA), which accidentally exposed its customers' personal information because a port was misconfigured and left open on a network-attached storage (NAS) device.

As a result, the personally identifiable information of MJIA's policy holders was leaked, including names, addresses, and social security numbers. The credentials to one of MJIA's claims databases were also revealed. This breach was made apparent when California-based cybersecurity firm UpGuard was scanning for IP addresses that had port 804 open and exposed to the public internet. While this port wasn't open, they did find that port 9000—usually used as a web front end for NAS servers—was.

Why this is actually a big deal.

The doors securing the highly personal information of MIJA's customers were thrown open for any hacker to obtain. There's no way to be sure that this data hasn't fallen into the wrong hands. Only time will tell whether this breach will wreak havoc on the victims' lives.

How vulnerability scanners can help.

To identify your organization's security flaws, you need to have a vulnerability scanning solution in place. However, the sheer volume of logs generated from any vulnerability scanner can make monitoring this data nearly impossible.

How ManageEngine can help.

ManageEngine EventLog Analyzer helps you combat security threats by monitoring logs from vulnerability scanners. This tool alerts you when:

    1. A vulnerable port is open.
      Any port is opened or closed on any devices.

Check out EventLog Analyzer today!

+

Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
  •  
  •  
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

2022 Zoho Corporation Pvt. Ltd. All rights reserved.