Exploit: Accidental sharing.
DCMS: UK government agency responsible for managing GDPR implementation.
Risk to Small Business: 2.555 = Moderate: Ironically, the UK government agency responsible for managing GDPR implementation is in violation of the law. In a mass email about the priority of privacy protection, the agency inadvertently revealed the email addresses for 300 journalists by including their credentials in the carbon copy (CC) rather than blind carbon copy (BCC) portion of the message. This is the third agency-related data loss event this month.
Individual Risk: 2.714 = Moderate: The journalists included on the email had their email addresses exposed to all recipients and additional viewers, but there is little risk of additional data loss from this incident.
Customers Impacted: 300
How it Could Affect Your Customers’ Business: This is the UK government’s third incident involving accidental sharing this month. It’s a reminder that, while external threats play a prominent role in your data security priorities, internal threats remain a persistent problem. Therefore, companies need to deploy a holistic approach to data security that accounts for internal and external threats.
ClearYolk to the Rescue: Monitoring the Dark Web for stolen credentials is critical for companies who want to provide comprehensive security to their organisation. Our Phishing service compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: http://www.clearyolk.com/phish/.