Detailed and potentially sensitive information uploaded by firm Slaughter and May was left exposed on an open database platform.
The cache of data, which included Companies House forms, partial security authentication details, business email addresses, and encrypted passwords, were accessible on a historic database owned and operated by British tech giant Advanced Computer Software.
TPRM report: https://scoringcyber.rankiteo.com/company/slaughter-and-may
"id": "sla029301222",
"linkid": "slaughter-and-may",
"type": "Data Leak",
"date": "05/2020",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Legal Services',
'name': 'Slaughter and May',
'type': 'Law Firm'}],
'attack_vector': 'Open Database',
'data_breach': {'data_encryption': 'Encrypted passwords',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Companies House forms',
'Partial security authentication '
'details',
'Business email addresses',
'Encrypted passwords']},
'description': 'Detailed and potentially sensitive information uploaded by '
'firm Slaughter and May was left exposed on an open database '
'platform. The cache of data, which included Companies House '
'forms, partial security authentication details, business '
'email addresses, and encrypted passwords, were accessible on '
'a historic database owned and operated by British tech giant '
'Advanced Computer Software.',
'impact': {'data_compromised': ['Companies House forms',
'Partial security authentication details',
'Business email addresses',
'Encrypted passwords']},
'title': 'Sensitive Data Exposure by Slaughter and May',
'type': 'Data Exposure'}