French healthcare software company Apodis Pharma was notified that their private data was publicly accessible on an unsecured ElasticSearch database which was discovered by the investigation team at CyberNews. Included in the 1.7TB of data was information such as pharmaceutical sales data, full names of Apodis Pharma partners and employees, client warehouse stock statistics, pharmaceutical shipment locations and addresses, as well as other business-related data. It is unclear who had access to the database, but it has definitely been seen by quite a few people as it has already been indexed at least once. When the exposed database was first discovered by CyberNews, they contacted Apodis Pharma and did not get a reply. Nearly a week later CyberNews then reached out to the Computer Emergency Response Team (CERT) in France and the CERT’s efforts to inform Apodis also failed. Nearly three weeks after communication attempts were made, the database was still available to the general public. Mathieu Bolard, the CTO of Apodis Pharma was reached out to directly and had the issue fixed almost immediately.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security