January 15, 2020//-A data breach at UK-based Fresh Film Productions, which makes adverts for high-profile companies including Unilever, has exposed sensitive personal data of participants in antiperspirant brand Dove’s ‘real people’ campaign.
Editor of GlobalData’s Verdict tech news website Lucy Ingham says: “The company inadvertently exposed the data, which included bank details and passport scans, by leaving a company server hosted online on an unsecured Amazon Web Services S3 bucket. This meant that it could be freely accessed by anyone with an internet connection.
“The server, discovered during a Verdict investigation, was immediately secured by Fresh Film upon being notified of the breach. It hosted a vast array of production files, including over 1,500 files containing sensitive data.
It is not clear if the server – which appears to have been freely accessible online since at least 2018 – was accessed by cybercriminals.”
Jake Moore, cybersecurity specialist at ESET, expressed concern at the severity of the data exposed.
Moore told GlobalData: “The implications of such exposed data could be catastrophic to the potential victims involved and such a large amount of personal data on each of them is more than I would usually see in a breach like this.
“Bank fraud and identity theft are naturally the first areas of concern but with this amount of data, the possibilities are endless to anyone with this volume of information at their disposal.
It would take a significant amount of work to mitigate the risk but extra fraud protection on the victim’s banks would be the first port of call.”
Richard Carter-Hounslow, producer at Fresh Film, told GlobalData: “We take things like data protection very seriously and will be looking into this matter with urgency.”
African Eye Report
