Crew and Concierge Ltd.

In February 2019, UK-based Crew and Concierge Ltd., a shipping company specializing in the yacht industry, suffered a significant data breach carried out through COVID-19-related phishing scams targeting remote employees. Hackers gained unauthorized access to a company server containing over 90,000 files; the server was not protected by a password, which left it open to public access. The breach compromised personal data of more than 17,000 individuals globally, including employees and associates in the yacht sector. The incident highlighted severe security negligence, particularly in remote work policies, leaving sensitive information vulnerable. The company now faces potential regulatory fines and reputational damage due to the failure to implement basic cybersecurity measures, such as password protection and phishing awareness training. The exposed data could lead to identity theft, financial fraud, or further targeted attacks against affected individuals, amplifying the breach’s long-term consequences for both the company and its workforce.

Source: https://www.sailweb.co.uk/2020/02/04/second-data-breach-exposes-yachting-industry-professionals/

TPRM report: https://www.rankiteo.com/company/crew-concierge

"id": "cre351092125",
"linkid": "crew-concierge",
"type": "Breach",
"date": "2/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '17,000+ Individuals',
                        'industry': 'Shipping/Yacht Industry',
                        'location': 'United Kingdom',
                        'name': 'Crew and Concierge Ltd.',
                        'type': 'Private Company'}],
 'attack_vector': ['Phishing (Email)',
                   'Unsecured Server (No Password Protection)'],
 'data_breach': {'data_encryption': 'No (Server Had No Password Protection)',
                 'data_exfiltration': 'Likely (Files Accessible Without '
                                      'Protection)',
                 'number_of_records_exposed': '17,000+ (Individuals) / 90,000+ '
                                              '(Files)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (Personal Data of Yacht Industry '
                                        'Professionals)',
                 'type_of_data_compromised': ['Personal Data']},
 'date_detected': '2019-02',
 'description': 'In February 2019, UK-based shipping company Crew and '
                'Concierge Ltd. fell victim to a data breach. Hackers '
                'exploited COVID-19 pandemic conditions, targeting employees '
                'working from home via email phishing scams. This resulted in '
                'unauthorized access to personal data of over 17,000 '
                'individuals in the yacht industry worldwide. A company server '
                'containing 90,000+ files was found to be accessible without '
                'password protection, exposing sensitive information.',
 'impact': {'brand_reputation_impact': 'High (Potential Hefty Fine and Loss of '
                                       'Trust)',
            'data_compromised': ['Personal Data of 17,000+ Individuals in the '
                                 'Yacht Industry'],
            'identity_theft_risk': 'High (Personal Data of 17,000+ Individuals '
                                   'Exposed)',
            'legal_liabilities': ['Potential Regulatory Fines'],
            'systems_affected': ['Company Server (90,000+ Files Exposed)']},
 'initial_access_broker': {'entry_point': ['Phishing Emails (Targeting Remote '
                                           'Workers)',
                                           'Unsecured Server'],
                           'high_value_targets': ['Personal Data of Yacht '
                                                  'Industry Professionals']},
 'motivation': ['Data Theft', 'Opportunistic Exploitation (COVID-19 Pandemic)'],
 'post_incident_analysis': {'root_causes': ['Lack of Password Protection on '
                                            'Server',
                                            'Phishing Vulnerabilities (Remote '
                                            'Work Exploitation)',
                                            'Inadequate Access Controls']},
 'regulatory_compliance': {'fines_imposed': 'Potential Hefty Fine (Not Yet '
                                            'Specified)'},
 'title': 'Data Breach at Crew and Concierge Ltd.',
 'type': 'Data Breach',
 'vulnerability_exploited': ['Lack of Multi-Factor Authentication (MFA)',
                             'Improper Access Controls',
                             'Remote Work Vulnerabilities (COVID-19 '
                             'Exploitation)']}