Scottish brewing company, BrewDog, left information of around 200,000 shareholders exposed for more than 18 months. This issue was caused by a mistake in the code of their mobile application that could allow anyone access to PII that was stored without any authentication. Names, dates of birth, email addresses, genders, telephone numbers, previously used delivery addresses, shareholder numbers, shares held, referrals, and more were all able to be accessed. A researcher by the name of Alan Monie helped BrewDog fix their application. A quote from Alan Monie states, “As far as I know, BrewDog has not alerted their customers and shareholders that their personal details were left unprotected on the internet. I worked with BrewDog for a month and tested six different versions of their app for free. I’m left a bit disappointed by BrewDog both as a customer, a shareholder, and the way they responded to the security disclosure.” BrewDog said they carried out extensive investigations and they found that no PII was compromised, therefore they don’t need to disclose it.
When evaluating a Managed Detection & Response (MDR) service there are 5 critical components that