Exploit: Unsecured Database
Town Sports International: Sports Club Operator
Risk to Small Business: 1.753 = Severe Cybersecurity researchers discovered an unsecured database owned by Town Sports International that was unprotected for nearly one year, leaving room for unauthorized individuals to browse and steal customer information. The Amazon S3 bucket contained full names, addresses, contact information, credit card last 4 digits and expiry dates, billing histories, and other sensitive information for 60,000 members of health clubs along the East Coast, including clubs in Boston and New York. Employee records were also stored in this database, and their personal information was also likely exposed.
Individual Risk: 1.601 = Severe This database was left wide open for at least a year, giving cybercriminals and databrokers ample time to harvest it for fuel to empower phishing attacks, identity theft, and other cybercrime.
Customers Impacted: 600,000
How it Could Affect Your Customers’ Business: Minor security errors happen, but colossal blunders like this speak to a culture of sloppy security and lack of regard for data privacy across an organization.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
