Frost & Sullivan data breach exposed 6,000 customer records and 6,146 employee records. The database is on sale.
On June 22, 2020 a database of US business consulting firm Frost & Sullivan was posted on a hacker forum for sale.
According to Beeping Computer, the Frost & Sullivan data breach occurred due to a misconfigured backup directory. The backup directory had confidential information and its employees and customers records.
Frost & Sullivan database is on sale by “KelvinSecurity Team” hackers group claiming the data includes 6,000 customer records and 6,146 employee records.
The customer database contains:
- client name,
- client email address,
- the company contact,
- whether they are confidential,
- other non-sensitive data.
The exposed employee database seems more sensitive and includes:
- first and last names,
- login names,
- email addresses,
- hashed passwords.
“It was not a purpose to take a database and sell it. We have tried to get in contact, but like many companies, they do not answer our requests, and we sell the database to generate an alarm and quote with these companies”from a KelvinSecurity Team ‘s interview to BleepingComputer
It is notable that among other services Frost & Sullivan provides cybersecurity protections and solutions, including managed security services, as well as identity and management control services. In March 2020, 3 month prior to this data breach, Frost & Sullivan released a study: “Don’t Wait for a Data Breach, Modernize Authentication Now”.