Ethical Hacking News
A London-based private security company, Assist Security, has been accused of exposing over 120,000 sensitive files online due to a lapse in their security measures. The breach, which was discovered by an independent security researcher, included personal identifiable information (PII), payroll data, job application forms, and other sensitive documents.
A London-based private security company, Assist Security, has been found guilty of exposing over 120,000 sensitive files online. The breach includes personal identifiable information (PII), payroll data, job application forms, and other sensitive documents. Assist Security left their server unsecured for several weeks after it was reported by an independent security researcher. The company has faced criticism over its lack of encryption and storage practices. The breach raises concerns about the security measures in place at Assist Security and how they could have been prevented. Assist Security is working to mitigate any risk and ensure the secure deletion of unlawfully retained data. The incident highlights the importance of robust cybersecurity measures for private companies providing sensitive information.
In a shocking revelation, a London-based private security company has been found guilty of exposing over 120,000 sensitive files online. The breach, which was discovered by an independent security researcher, includes personal identifiable information (PII), payroll data, job application forms, and other sensitive documents.
According to JayeLTee, the independent security researcher who made the discovery, Assist Security left their server unsecured for several weeks after it was reported. JayeLTee stated that none of the vetting files related to guards on the company payroll were encrypted, and data also appeared to be stored after individuals either resigned or had their applications rejected.
Assist Security has provided services to major hospitals in London, national rail operators, and high-end fashion brands, including famous icons such as David Beckham and Kate Moss. The breach raises significant concerns about the security measures in place at Assist Security and how they could have been prevented.
The researcher found that hundreds of directories on the server were related to specific individuals, with some people having more data exposed than others depending on where the process stopped. People who were approved would have more exposed, including things such as payroll data.
In an effort to mitigate any risk, Assist Security immediately took corrective action after being made aware of the breach. They claimed that their initial assessment determined that their measures were sufficient to mitigate any risk. However, further investigation is ongoing to determine if notifications to regulatory bodies, such as the ICO, are warranted.
The Information Commissioner's Office (ICO) has confirmed that the data protection watchdog has not received a report from Assist Security regarding the breach. This raises questions about whether the company should have reported the incident internally and how they will handle any further investigations.
Assist Security has assured clients and stakeholders that they remain committed to maintaining trust in their services. They stated that they are working with JayeLTee to ensure the secure deletion of any unlawfully retained data and reviewing the facts to determine if notifications to regulatory bodies, such as the ICO, are necessary.
The breach highlights the importance of robust security measures in place for private companies providing sensitive information. It also raises questions about the responsibility of companies like Assist Security to report data breaches and how they should handle sensitive information.
As the investigation into this breach continues, one thing is clear: the importance of robust cybersecurity measures cannot be overstated. Companies must prioritize their clients' security and take proactive steps to prevent data breaches. The incident with Assist Security serves as a reminder that complacency can have devastating consequences.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2025/01/16/private_security_biz_lets_guard/
Published: Thu Jan 16 04:53:33 2025 by llama3.2 3B Q4_K_M
