A Phishy Breach

Microsoft Azure, a cloud computing service for application management released nearly 13 years ago, prides itself on consistency, productivity and security. Myeasydocs, an India-based online platform company allowing users to submit documents for university, bank and many other important verification purposes, used Azure to store documents and data. The failure: zero implementation of any cybersecurity measures, thereby exposing up to 57,400 files of educational records and personally identifiable information (PII) data.  

The breach was connected to an Israeli unified resource locator (URL) owned by a company that acted as a facilitator of student document submissions to educational institutes in Israel and India. Full names, diplomas and national IDs were leaked, revealing over 50,000 former and current students, putting them at risk of further hacking, harassment and identity theft.   

Phishing campaigns access people’s confidential information, potentially allowing malware and ransomware attacks and future financial troubles. The theft of student diplomas and grade charts, leading to impersonations, can cause innocent students to be set up in fraudulent activities. Academic documents are a key ingredient for identity theft—once the identity is on the dark web, it will cost time and money to restore the damage done to credit scores, tax files and medical services.  

India, where Myeasydocs is headquartered, recently introduced its first cybersecurity policy, coming into effect later this year. Companies must report a breach within six hours of being flagged, meaning that if this occurred a few months from now, the Indian government would intervene. In the United States, a variety of cyber policies are in place for domestic and international security. For example, phishing could lead to a sentence of up to 20 years’ imprisonment.  

As the digital age evolves, so does cybersecurity. And although national security is at risk from cyber adversaries, it is important to prioritize everyday data usage and virtual domestic security, as well. According to TechJury, in 2020, ransomware cases alone grew by 150%. Every 39 seconds, there is a new cyber attack somewhere on the web, and worldwide, it will cost companies $6 trillion to fix breaches made in 2021.   

So, what can organizations do to protect software/data? VpnMentor highly encourages securing all servers and data stores, implementing proper access rules, never leaving open to the Internet a system that does not require authentication, and following company anti-hacking and cybersecurity rules. Security is no longer defined solely by physically locked doors and safe neighborhoods. We now live in a cyber universe, and no one is safe.