NSW Clubs – Impacted by Breach of customer data
Another Australian business affected through a 3rd party cyber incident, though in the linked article (at the footer of this post) great pains are taken to explain that it is not their own systems but rather a 3rd party, yet who owns the data that has been exfiltrated and is now showing up on third party sites?
Imagine treating Personal belongings, like Business treat Data…
Likening this to a personal situation, if I have household items and valuables stored at a storage facility, I will be damned certain that the storage facility is fully secure and I will expect them through the T&Cs of our agreement to have security in place.
As an executive for a major organisation, who would consider to store their personal belongings in a rickety shed two streets away from home?
Because this is exactly what I am talking about, the rusty old shed above is the physical equivalent of poor 3rd party suppliers, seriously this is not hyperbole!
Always know what data you are sharing with your third party providers, in this case it would appear to be an unacceptable type of data (sensitive information) without sufficient security of that data, if it did need to be shared with this 3rd party provider.
In summary
Data that is shared between a business and a provider of a service is always still the property of the business who collected the information, it is the responsibility of the data collector to make certain that their agreement with the customer regarding use, storage, security etc is maintained. The third party in all cases must have a secure way in which to receive this data and also to use the data they have received.
Data is the lifeblood of a business, any informationthat must be shared with a third party, must be:
– As little as possible to provide the service
– For as short a time as possible to provide the service
– At least as securely as your data security policies
This is a fail for citizens as yet again information that can be used to defraud us has been leaked for criminals to use.
Update
It appears that the 3rd party service provider here is OutaBox, a “Leading provider of software systems” for Casinos, considering that every vendor and service provider who has no way to substantiate this claim will often make it, as a way to validate their offering – this is no consolation.
I am a simple man, I can see from their website Outabox that they are as shady as a 7 o’clock shadow on a Mediterranean guy, site is no longer available unfortunately.
Further information is here and is worth a read, disgusting direction for a service provider to take and I hope in the future they are unable to repeat this action.
https://haveibeenoutaboxed.com/outabox
Just because its nice to share scammers faces on the Internet, Do not work with Glenn James, Dalbir Singh or Darren Blinn unless you know what you are doing, operators like this do not deserve to be in business.
Thanks Brandon Dunlop for sharing and as always if you wish to contact me, I am here.
Leave a Reply