Incident Details
In March 2020, a disgruntled former cloud engineer of First Republic Bank accessed the bank's AWS and GitHub environments using a company-issued MacBook and intentionally caused significant damage.
How Did the Breach Happen?
The breach occurred when Miklos Daniel Brody used the MacBook to log into the corporate VPN after being terminated earlier in the day. He gained access to various systems and services, such as a Linux jump box, GitHub server, and AWS, using an administrator account to impersonate another employee.
What Data has been Compromised?
The breach resulted in the termination of almost all instances in Amazon Web Services, the deletion of code repositories, the breaking of Ansible Tower, and a lockout from an Amazon service called EMR, which is used for mathematics.
Why Did the company's Security Measures Fail?
The company's security measures failed because they did not immediately disable Brody's VPN access following his termination. This oversight allowed him to log back into the system and cause havoc.
What Immediate Impact Did the Breach Have on the company?
The breach resulted in over $220,000 in monetary damages to First Republic Bank.
How could this have been prevented?
This could have been prevented by having protocols in place to immediately revoke access to all company systems and services for terminated employees. Measures such as real-time access revocation, strict separation of duties, and heightened monitoring of employee credentials post-termination would be beneficial.
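The post-termination monitoring described above can be sketched as a check that joins an HR termination feed against authentication events and flags anything at or after the cutoff. This is an added example, not part of the original write-up; the usernames, device names, log layout and timestamps are constructed for illustration.

```python
from datetime import datetime

# Constructed HR feed: username -> termination time (UTC). Names are hypothetical.
TERMINATIONS = {"jdoe": "2020-03-11T17:00:00+00:00"}

# Constructed auth events, assumed layout: "time user system result device".
AUTH_LOG = """\
2020-03-11T15:02:11+00:00 jdoe vpn success laptop-0421
2020-03-11T23:41:07+00:00 jdoe vpn success laptop-0421
2020-03-11T23:44:52+00:00 jdoe jumpbox success laptop-0421
2020-03-11T23:50:30+00:00 asmith github success laptop-0388
2020-03-12T00:05:19+00:00 jdoe aws failure laptop-0421
malformed line
"""

def parse_events(text):
    """Yield (time, user, system, result, device), skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield (when, *parts[1:])

def post_termination_activity(log_text, terminations):
    """Return alerts for any auth attempt at or after the user's termination."""
    cutoffs = {u: datetime.fromisoformat(t) for u, t in terminations.items()}
    alerts = []
    for when, user, system, result, device in parse_events(log_text):
        cutoff = cutoffs.get(user)
        if cutoff is not None and when >= cutoff:
            # A success means revocation did not take effect on that system;
            # a failure still shows the account is being tried after offboarding.
            severity = "critical" if result == "success" else "warning"
            alerts.append({"user": user, "system": system, "device": device,
                           "time": when.isoformat(), "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in post_termination_activity(AUTH_LOG, TERMINATIONS):
        print(alert)
```

The pre-termination VPN login and the other employee's GitHub login are ignored; the same join works for any system whose logs carry a user identity and a timestamp.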
What have we learned from this data breach?
We have learned the importance of immediate revocation of system access for terminated employees and the necessity of strong monitoring and access control systems within an organization to prevent similar incidents.
Summary of Coverage
First Republic Bank experienced a deliberate and malicious data breach instigated by a disgruntled former employee, Miklos Daniel Brody, in March 2020. After being terminated, Brody used his non-revoked VPN access to infiltrate the bank's systems and cause extensive damage. This led to significant monetary damage and to his subsequent arrest, guilty plea, and 24-month prison sentence, with an order to pay restitution.