A security researcher found an unsecured database packed with network logs generated by a security appliance connected to the network of India’s Central Industrial Security Force (CISF).
The logs contained records for more than 246,000 web addresses of PDF documents on CISF’s network containing sensitive personally identifiable information on CISF officers.
The database was exposed because of a security issue with Haltdos, a company that provides network security technology to the organization.
It was soon removed from the internet and the database was secured.
Source: https://techcrunch.com/2022/03/18/india-cisf-security-data-exposed/
TPRM report: https://scoringcyber.rankiteo.com/company/cisfcentralindustrialsecurityforce
"id": "cis17343522",
"linkid": "cisfcentralindustrialsecurityforce",
"type": "Breach",
"date": "03/2022",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"
{'affected_entities': [{'industry': 'Security',
                        'location': 'India',
                        'name': 'Central Industrial Security Force (CISF)',
                        'type': 'Government Agency'}],
 'attack_vector': 'Unsecured Database',
 'data_breach': {'file_types_exposed': ['PDF documents'],
                 'number_of_records_exposed': '246,000',
                 'personally_identifiable_information': 'CISF officers',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Network logs',
                                              'Personally identifiable '
                                              'information']},
 'description': 'A security researcher found an unsecured database containing '
                'network logs generated by a security appliance connected to '
                "India’s Central Industrial Security Force's network. The logs "
                'contained records for more than 246,000 web addresses of PDF '
                'documents on CISF’s network containing sensitive personally '
                'identifiable information on CISF officers. The database was '
                'exposed because of a security issue with Haltdos, a company '
                'that provides network security technology to the '
                'organization. It was soon removed from the internet and the '
                'database was secured.',
 'impact': {'data_compromised': ['Network logs',
                                 'Personally identifiable information'],
            'systems_affected': ['Security appliance',
                                 'Network logs database']},
 'initial_access_broker': {'entry_point': 'Unsecured Database'},
 'post_incident_analysis': {'root_causes': 'Security issue with Haltdos'},
 'response': {'containment_measures': ['Database removed from the internet',
                                       'Database secured']},
 'title': 'Unsecured Database Exposes CISF Network Logs',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Security issue with Haltdos'}