The Alteryx data breach happened, once again, because of third-party vendor risk. The cybersecurity firm UpGuard discovered the leak.
What happened? And how big is the damage of the Alteryx data breach?
Data breaches are becoming common nowadays. In 2017, the Alteryx data breach was one of the worst.
Alteryx is a data analytics company based in California. In October 2017, a cybersecurity firm discovered the leak. It exposed the sensitive personal information of millions.
How far-reaching was the breach? It affected 123 million American households.
What caused the breach?
Alteryx Data Breach
The security firm found that Alteryx’s database was not secured. As in, no protection at all.
Take note: not just a lack of protection, but no protection at all! This means that anyone with an Amazon Web Services account could access it. No hacking or coding skills were needed!
Thus, a free AWS account was all that was needed to reach Alteryx’s tens of millions of data records.
A Cyber Research Director found the AWS S3 cloud storage of Alteryx. It was in their AlteryxxDownload subdomain. It also contained information about the majority of American households.
Supposedly, AWS only allows authenticated users to access the stored files. But that was not the case at Alteryx.
Any AWS user could access the files. We repeat, ANY user. So even a dummy AWS account could see the files.
The leaked information
Alteryx is a data analytics company. Also, it is a partner of a credit agency and the US Census.
Thus, the leaked files also included their partners’ data. It also exposed the following:
- home addresses
- estimated income of clients
- contact numbers
- mortgage ownership
- financial histories
- purchasing activities
It even exposed whether you like cats or dogs! The total size of the database is 36 gigabytes. Combined, the data reveals billions of personal details!
Identity theft and fraud are likely to happen. Why? This Personally Identifiable Information will probably be sold on dark web marketplaces.
Moreover, Alteryx is a consumer reporting company. Thus, they violated the Fair Credit Reporting and Consumer Sales Practices Act.
Therefore, they were charged for punitive and statutory damages. Also, Robert Green asked for payment for attorney’s fees.
Another complaint was also filed against Alteryx. Christopher Jackson and others filed the same charges against Alteryx.
The impact of third-party risk
The Alteryx data breach shows how damaging third-party vendor risk can be. Its consequences include:
- financial loss
- damage to reputation
- loss of trust
Moreover, Alteryx, Experian, and the US Census share intermingled data across their platforms. A breach at one provider means a breach for everyone, too!
Thus, third-party risk is still a big issue in the IT world. What’s worse, most companies are not aware of the risk that comes with external vendors.
By working with them, you are inviting risk. You can’t always be sure that they are secure 24/7, no matter how secure your own systems are.
What you can do to prevent data breaches
There are cybersecurity firms that offer security controls, delivered with the help of assessments and tests.
Also, we advise that you always monitor your vendors’ security. That way, you can make sure that breaches like the Alteryx data breach won’t repeat.