CYBERInsights: DATA Breach – French Estate Agency Leaks Thousands of Customer Files
Posted By Iain Fraser - Cybersecurity Journalist, Gibraltar
https://iainfraserjournalist.blogspot.com
French Estate Agency GSI Immobilier is at the centre of a data breach scandal after thousands of customer files were found exposed by the research team at Website Planet. The company was storing data on a Microsoft Azure Blob Storage server whose misconfiguration exposed sensitive customer files and left over 1000 people potentially at risk of further crimes.
Customer Data Leaked
GSI’s Microsoft Azure Blob Storage server was configured without password protection or any encryption, thus providing easy access to anyone who may have found the server and its content. The breach compromised 1342 files (2GB of data) which featured the sensitive personal data of GSI’s holiday rental customers including:
Full names; including first names and surnames
Phone numbers
Email addresses
Addresses of customers’ homes and booking locations
Booking details; including the arrival and departure dates of customers, and the prices paid for each booking
Customer signatures (in some cases)
Scanned pictures of signed cheques (in some cases)
The database was live and regularly updated at the time of discovery.
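An added example, not from the original article or from Website Planet's report: a Python check a storage owner could run over the JSON output of `az storage account list` and `az storage container list` to find containers that are readable without credentials, which is the kind of exposure described above. The account names, container names and sample JSON are constructed, and treating an unset `allowBlobPublicAccess` as permissive is an assumption of this example.

```python
import json

# Constructed sample data, shaped like the JSON printed by
# `az storage account list` and `az storage container list`.
SAMPLE_ACCOUNTS = json.loads("""[
  {"name": "rentalsprod",     "allowBlobPublicAccess": true},
  {"name": "rentalsarchive",  "allowBlobPublicAccess": null},
  {"name": "rentalsinternal", "allowBlobPublicAccess": false}
]""")
SAMPLE_CONTAINERS = json.loads("""{
  "rentalsprod": [
    {"name": "bookings", "properties": {"publicAccess": "container"}},
    {"name": "logs",     "properties": {"publicAccess": null}}],
  "rentalsarchive": [
    {"name": "scans",    "properties": {"publicAccess": "blob"}}],
  "rentalsinternal": [
    {"name": "old",      "properties": {"publicAccess": "container"}}]
}""")

# What each container-level setting lets an unauthenticated client do.
RISK = {
    "container": "anonymous listing and download of every blob",
    "blob": "anonymous download of any blob whose URL is known",
}

def find_anonymous_containers(accounts, containers_by_account):
    """Return sorted (account, container, level, impact) tuples."""
    findings = []
    for acct in accounts:
        # An explicit false at account level overrides container settings.
        # Assumption: an unset (null) value is treated as permissive.
        if acct.get("allowBlobPublicAccess") is False:
            continue
        for c in containers_by_account.get(acct["name"], []):
            level = (c.get("properties") or {}).get("publicAccess")
            level = level.lower() if isinstance(level, str) else None
            if level in RISK:
                findings.append((acct["name"], c["name"], level, RISK[level]))
    return sorted(findings)

if __name__ == "__main__":
    for account, container, level, impact in find_anonymous_containers(
            SAMPLE_ACCOUNTS, SAMPLE_CONTAINERS):
        print(f"{account}/{container}: publicAccess={level} -> {impact}")
```

The `rentalsinternal` container is not reported even though its own setting is `container`, because the account-level switch blocks anonymous requests regardless of container settings.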
Leaked arrival and departure dates, along with prices paid for accommodation, provide criminals with a gold mine of information to help them choose potential targets for crime. However, GSI’s breach could potentially cause far greater damage, affecting both its business and its customer base.
GSI customers could be subject to phishing attempts from hackers who access booking information. Bad actors could contact GSI customers via email or phone, using the customer’s name and booking information to build rapport while posing as a GSI employee, or a representative of the holiday rental accommodation.
Impact on GSI Immobilier
GSI Immobilier faces several consequences for leaking customers’ personal data. GSI is likely to come under the scrutiny of the EU’s GDPR data privacy regulations. GDPR is the body of laws that govern data protection throughout the European Union.
Businesses that mishandle, misuse, or fail to protect the data of EU citizens are likely to face sanctions under GDPR. Guilty companies may receive a fine of up to €20 million or 4% of the company’s annual turnover (whichever is greater).
GSI’s database has leaked the data of English citizens too. The United Kingdom is no longer part of the EU but has retained GDPR laws in the form of UK GDPR, or the Data Protection Act 2018.
The UK’s GDPR laws are the same, except that GSI could face a separate fine from British authorities. The maximum fine for a breach of the Data Protection Act 2018 is slightly lower, at £17.5 million or 4% of the company’s annual turnover (whichever is greater).
Who is Website Planet?
Website Planet is a leading resource for web designers, digital marketers, developers, and businesses with an online presence. You’ll find tools and resources for everyone, from beginners to experts — and honesty is our top priority.
We have an experienced team of ethical security research experts who uncover and disclose serious data leaks as part of a free service for the online community at large. This has included a breach in a famous European office supplier, as well as a breach in an Indian B2B online packaging marketplace leaking sensitive data.
About Iain Fraser
Iain Fraser Cybersecurity Journalist and Commentator – Gibraltar (Accredited Member of NUJ, IFJ and ONA) and European Authority Writer & Corporate Lecturer on all aspects of Cybersecurity Awareness, Threat Management & Best Practice Mitigation.