Today, I'm sharing an unredacted October 2024 #CargillsBreach internal review on data security, which warns of substantive data-protection issues and highlights major compliance issues. It shows possible continued negligence from Cargills Bank which could have contributed to the massive data leak. The report shows:
- Open USB ports in bank computers (as in, not disabled for drives)
- Lack of data encryption in storage
- Lack of control over which documents are printed
- Sharing emails with sensitive data with non-bank third parties
- Unrestricted attachment types
- Lack of data-download records (this may indicate why Cargills Bank has been unable to say which data was stolen)
- Lack of customer data-protection agreements with vendors
- Not having customer data deletion guidelines
- Inadequate data leak prevention monitoring and reporting
- Lack of network systems monitoring for data leaks
- Software patch management falling behind schedule
- Ineffective backup restoration
- Lack of staff training
- Sensitive data being shared without password protection
- Lack of multi-factor authentication for systems storing cardholder data
- Lack of an email security-level classification system
I would appreciate it if someone could translate this to Sinhala and Tamil and post. More about the breach and the exposed data can be found on my X account.