AMP

A data breach at online trading company AMP that revealed Social Security numbers and credit reports for customers was discovered, according to security expert Chris Vickery.

Over 10,000 account applicants' sensitive information is also included in the files, which show that AMP has over $50 million in assets on hand.

Vickery found that a backup device run by a third-party IT vendor had been improperly configured, causing a data leak that has now been repaired.

A genuine identity theft operation could require a plethora of information, which is why credit reports, passport scans, internal company emails, customer chat logs, and more are all included in the compromised data.

Source: https://securityaffairs.com/58527/data-breach/amp-data-leak.html

TPRM report: https://scoringcyber.rankiteo.com/company/amp

"id": "amp18201123",
"linkid": "amp",
"type": "Data Leak",
"date": "04/2017",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': 10000,
                        'industry': 'Online Trading',
                        'name': 'AMP',
                        'type': 'Company'}],
 'attack_vector': 'Improper Configuration',
 'data_breach': {'number_of_records_exposed': 10000,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security Numbers',
                                              'Credit Reports',
                                              'Passport Scans',
                                              'Internal Company Emails',
                                              'Customer Chat Logs']},
 'description': 'A data breach at online trading company AMP that revealed '
                'Social Security numbers and credit reports for customers was '
                'discovered, according to security expert Chris Vickery. Over '
                "10,000 account applicants' sensitive information is also "
                'included in the files, which show that AMP has over $50 '
                'million in assets on hand. Vickery found that a backup device '
                'run by a third-party IT vendor had been improperly '
                'configured, causing a data leak that has now been repaired. A '
                'genuine identity theft operation could require a plethora of '
                'information, which is why credit reports, passport scans, '
                'internal company emails, customer chat logs, and more are all '
                'included in the compromised data.',
 'impact': {'data_compromised': ['Social Security Numbers',
                                 'Credit Reports',
                                 'Passport Scans',
                                 'Internal Company Emails',
                                 'Customer Chat Logs'],
            'identity_theft_risk': 'High'},
 'post_incident_analysis': {'corrective_actions': 'Repaired backup device '
                                                  'misconfiguration',
                            'root_causes': 'Backup device misconfiguration'},
 'references': [{'source': 'Chris Vickery'}],
 'response': {'remediation_measures': 'Backup device misconfiguration repaired',
              'third_party_assistance': 'Third-party IT vendor'},
 'title': 'Data Breach at Online Trading Company AMP',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Backup Device Misconfiguration'}

AMP

Lazarus Naturals

Estes Forwarding Worldwide

Synnovis