News broke that Sequoia, an HR and payroll company, has suffered a data breach where adversaries were able to access the organization’s cloud storage repository that held personal identifiable information (PII) for both employee and customers.
During the incident, which took place between September 22 and October 6, adversaries were able to access employee and customer names, addresses, dates of birth, gender, marital status, employment status, Social Security numbers, work email addresses, wage data related to benefits, member IDs, Covid-19 test results, and vaccine cards that individuals uploaded to the employment system. Sequoia has not disclosed how many individuals were affected by the breach.
Sequoia has stated they will offer affected victims with three years of free Experian identity protection services.
Amit Shaked, co-founder & CEO of Laminar shared why cloud security is such a challenge for organizations and how companies should approach mitigating their risk of breach with best practices for data stores and integrated solutions:
"Lack of visibility into where cloud data is located can result in negative consequences, like exposed data being compromised. As many companies transition into primarily cloud-based environments, the lack of visibility into unknown or 'shadow' data increases an organization's overall security risk. The presence of shadow data -- like the repository in this instance -- is increasing and is a top concern for 82% of data security professionals. Company data is a crown jewel, which is why adversaries are growing more confident and targeting larger stores of data, hoping for that unprotected bucket.
Cloud architectures are becoming more dynamic and complex. Security solutions need to be completely integrated with the cloud in order to identify potential risks and have a clear understanding of where data resides. The effects of massive and invasive breaches could be minimized if more companies adopted the dual approach of cloud data visibility and protection. As a result, data security teams would know for certain which data stores are valuable targets and ensure proper security controls are in place." ###