- The CRM of Gladney Center for adoption generated many sensitive data
- These data were stored in a protected and non -motorized database protected
- The database contained names, addresses and more
The Gladney Center for Adoption, a non -profit adoption agency, has disclosed sensitive information on children, parents, employees and other people, keeping an unprotected database.
Earlier this week, Jeremiah Fowler, a safety researcher known for hunting unlikely and not encrypted databases, found one of 2.49 GB of size and which contained more than 1.1 million recordings.
The files included the names of children, biological parents, adopted parents, employees and tracks. In addition to the names, there were also telephone numbers, postal addresses, information on “birth fathers” and data on the question of whether people have been approved or refused, becoming an adoptive parent.
Abuse information for phishing
The information is very sensitive and as such – very precious for cybercriminals. Crooks can use it to create designed and convincing phishing emails, through which they can deploy malware, steal bank information or other connection identification information, resulting in identity theft, wire fraud and possibly ransomware.
For example, a cybercriminal could find a person who had already been denied to become a reception parent and send them an e-mail informing them of a change of status. However, to finalize the process, they should pay fees in a 24 -hour window. This is just a theoretical example of the way Crooks could abuse Gladney data.
The good news is that there is no evidence that someone discovered the archives before Fowler. As soon as the database was found, the researcher contacted Gladney, who locked him almost immediately. We do not know how long it has been active, and to be sure that the files were not stolen – it would take a detailed forensic analysis.
We do not know if Gladney was the one that maintained this database, or if it was the work of a third party. We know that it was generated by a customer relations management system (CRM).
Via Website planet
