The customer engagement platform Maropost recently leaked 95 million records by way of an unsecured Google cloud server. The issue was found in early February and the server was secured on April 1st. Maropost CEO Ross Andrew Paquette claimed that the emails that were found were randomized test emails, this, however, was not the case. Although no PII was included on the server, email addresses and metadata (exact date and time the emails were sent, who sent them and to whom) were included and could be used to carry out phishing campaigns and BEC scams. The CEO of RiskRecon, Kelly White said, “It is also rooted in the failure of Maropost’s customers to hold them accountable to operating a strong security risk management program. Companies must operate robust third-party security risk management programs that hold their vendors accountable to implementing good security practices.”
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security