- Gladney Center for adoption CRM was generating many confidential data
- These data were being stored in a non -encrypted and not protected database
- The database contained names, addresses and more
The Gadney adoption center, a non -profit adoption agency, was filtering confidential information about children, parents, employees and other people by maintaining a unprotected database.
Earlier this week, Jeremiah Fowler, a safety researcher known for looking for non -encrypted databases not protected by raisins, found one of 2.49 GB of size, and containing more than 1.1 million records.
The records included names of children, biological parents, adopted parents, employees and potential clients. In addition to the names, there were also telephone numbers, postal addresses, information about “parents of birth” and data on whether people were approved or denied, becoming an adoptive father.
Abusing information for phishing
The information is highly sensitive and, as such, very valuable for cybercriminals. Crooks can use it to create custom and conventional phyting emails, through which they can implement malware, steal bank information or other login credentials, resulting in identity theft, wire fraud and possibly ransomware.
For example, a cybercriminal could find a person who previously denied becoming an adoptive father and sending them an email by notifying them of a change in their state. However, to finish the process, they would have to pay a rate inside a 24 -hour window. This is just a theoretical example of how criminals could abuse Gladney’s data.
The good news is that there is no evidence that no one discovers the file before Fowler. As soon as the database was found, the researcher communicated with Gladney, who blocked it almost immediately. We do not know how long it remained active, and to be sure that the files were not stolen, there would be a detailed forensic analysis.
Nor do we know if Gladney was the one who maintained this database, or if that was the work of a third party. We know that it was generated by a customer relations management system (CRM).
Through Website planet
