Incident Details
U.S. Internet Corp, a Minnesota-based Internet provider, operates a business division known as Securence. Securence specializes in delivering secure email services with filtering capabilities to various organizations globally, including businesses, educational establishments, and government bodies. Recently, it came to light that U.S. Internet had inadvertently exposed over a decade's worth of internal emails, as well as those of numerous Securence clients, in plain text on the internet. This sensitive information was easily accessible to anyone with a web browser. U.S. Internet, headquartered in Minnetonka, Minnesota, is a local Internet Service Provider offering fiber and wireless connections. Securence, a division of the ISP, is renowned for its email filtering and management software, providing email security and protection services to small businesses, enterprises, schools, and government entities worldwide.
Incident
How Did the Breach Happen?
The U.S. Internet company accidentally exposed over ten years' worth of its internal email communications as well as those belonging to numerous Securence clients, making them easily accessible to anyone using a web browser.
What Data has been Compromised?
Emails from U.S. Internet and its subsidiary USI Wireless, along with the emails of numerous Securence customers, were inadvertently exposed and accessible to the public.
Why Did the company's Security Measures Fail?
There was a security breach caused by a misconfiguration in the servers managing the setup of U.S. Internet's systems. The former employee, who made the incorrect configuration, did so unknowingly, and it was not detected.
What Immediate Impact Did the Breach Have on the company?
U.S. Internet swiftly took down all the accessible inboxes upon learning about the breach. Travis Carter, the CEO of U.S. Internet, addressed the breach without specifying the duration for which the messages had been compromised.
How could this have been prevented?
To avoid this security breach, U.S. Internet could have put in place effective security protocols like consistent security assessments and code evaluations, verification of accurate settings, and continuous monitoring of system logs for any unusual behavior.
What have we learned from this data breach?
The significance of implementing effective security protocols is underscored by this incident of data breach, as well as the severe outcomes resulting from improper configuration. It stresses the necessity for frequent security assessments, examination of code, and diligent surveillance of networks.
Summary of Coverage
U.S. Internet Corp, a local internet service provider located in Minnesota, recently faced a security incident involving the disclosure of over ten years worth of internal emails and the emails of numerous Securence customers in plain text. The breach was linked to a server misconfiguration that had gone undetected for an unspecified duration. Following the discovery, U.S. Internet Corp promptly took steps to delete the compromised emails and is currently looking into the situation. This event highlights the importance of maintaining strong security protocols and consistent surveillance to avert similar breaches in the future.