Known for its insurance provided to students that study abroad, Canadian company guard.me discovered a security incident on May 12th, 2021 that caused their website to be taken offline. Suspicious activity was picked up by their Information Security team which prompted them to take action nearly immediately. Now, customers that visit their site are met with a notification that reads, “Recent suspicious activity was directed at the guard.me website and in an abundance of caution we immediately took down the site. Our IS and IT teams are reviewing measures to ensure the site has enhanced security in order to return the site to full service as quickly as possible.” The vulnerability made information such as dates of birth, genders, encrypted passwords, email addresses, mailing addresses, and phone numbers available to the perpetrators. Guard.me has assured that they’ve mitigated the issue and begun notifying students via email.
Analyst Notes
New policies have been put in place by Guard.me that add increased security to their website, including database segmentation and two-factor authentication. It is also advised that website owners make sure software and plug-ins are up to date. Something else to keep up to date is SSL certificates. Using a secure web-host that will protect uploaded website data is also suggested.
