Data leaks and security breaches can happen to anyone, at any time. You never know when some jabroni is hiding under the wrestling ring with a steel chair, ready to attack and steal your data! The most recent example is the July 6 story from Forbes.com citing the massive WWE data leak, exposing 3 million global wrestling fans’ personal information, including home addresses, educational background, earnings and ethnicity. Talk about a Stone Cold Stunner!
According to the Forbes article, a security firm identified a huge, unprotected WWE database containing the 3 million fans’ personal information. The data was sitting on an Amazon Web Services S3 server with no username or password protection, open to anyone who knew its web address.
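An unauthenticated S3 bucket is a configuration fault, and it can be caught before a researcher (or anyone else) finds it. The following is an added example, not code from the original post or from Quest: it classifies a bucket as publicly readable from its ACL grants and bucket policy, using the real S3 predefined-group URIs and the result shapes boto3's `get_bucket_acl()` / `get_bucket_policy()` return. The bucket name, owner ID and policies below are constructed samples.

```python
"""Added example, not from the original post: flag S3 buckets readable without
credentials (the misconfiguration behind the leak above). Inputs follow boto3's
get_bucket_acl()/get_bucket_policy() result shapes; sample data is constructed."""
import json

# Real S3 predefined-group URIs that appear in ACL grants.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
READ_ACTIONS = {"s3:*", "s3:Get*", "s3:GetObject"}

def acl_is_public(acl):
    """True if any grant gives READ/FULL_CONTROL to AllUsers or AuthenticatedUsers."""
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group"
                and grantee.get("URI") in (ALL_USERS, AUTH_USERS)
                and grant.get("Permission") in ("READ", "FULL_CONTROL")):
            return True
    return False

def policy_exposure(policy_json):
    """'public' if a statement Allows object reads to every principal with no
    Condition; 'conditional' if a Condition narrows it (needs review); else None."""
    if not policy_json:
        return None
    worst = None
    for stmt in json.loads(policy_json).get("Statement", []):
        principal = stmt.get("Principal")
        anyone = principal == "*" or (isinstance(principal, dict)
                                      and principal.get("AWS") == "*")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") == "Allow" and anyone and READ_ACTIONS & set(actions):
            if not stmt.get("Condition"):
                return "public"          # anonymous read, no restriction
            worst = "conditional"        # e.g. limited by aws:SourceIp
    return worst

def bucket_exposure(acl, policy_json=None):
    """Classify a bucket as PUBLIC, REVIEW or private from its ACL and policy."""
    policy = policy_exposure(policy_json)
    if acl_is_public(acl) or policy == "public":
        return "PUBLIC"
    return "REVIEW" if policy == "conditional" else "private"

# Constructed samples: an owner-only ACL, and a policy granting anonymous reads.
PRIVATE_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"},
                           "Permission": "FULL_CONTROL"}]}
OPEN_POLICY = json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-fan-data/*"}]})
```

Running `bucket_exposure(PRIVATE_ACL, OPEN_POLICY)` returns `"PUBLIC"` even though the ACL is clean, which is why both the ACL and the policy have to be checked for every bucket.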
As of the time I’m writing this blog on July 7, it’s not clear what exactly caused the leak. But I can only assume that now, instead of hyping SummerSlam 2017 and teasing whom John Cena will face in the squared circle, the WWE is facing a PR royal rumble while working with a cybersecurity firm to determine the cause of the data leak.
The obvious lesson to be learned here is that when it comes to your company’s data, all it takes is one mistake for a massive data breach to occur. And it usually happens quickly and/or unexpectedly, like Jake “The Snake” Roberts’ finishing move, the DDT.
But what also caught my eye was that it wasn’t just the U.S.-based WWE fans’ data leaked. There was another WWE database left unprotected that contained addresses, telephone numbers and names of European fans.
The fact that European fans’ data was at risk is an example of the kind of exposure the GDPR will aim to protect against starting May 25, 2018. Once it goes into effect, less than one year from today, the General Data Protection Regulation (GDPR) will require organizations – both the “data controllers” and the “data processors” – to strengthen data protection and security measures to protect the personally identifiable information (PII) of EU citizens, and to demonstrate compliance at any time.
And if you lose the people’s data, you get the People’s Elbow – in the form of severe fines of up to four percent of global revenue or €20 million (whichever is higher).
So how can Quest help with GDPR compliance?
Do you smell what Quest is cooking for GDPR compliance?
Quest solutions focus on helping IT professionals and consultants responsible for Microsoft technologies ensure that their Microsoft environment meets GDPR requirements. With Quest solutions, you’ll be able to continually assess, monitor and control your environment so you can stay more productive, secure and compliant with GDPR. In more detail, Quest can help you:
- Discover and assess — Discover who has access to your unstructured personal data that may exist across the many silos of your Microsoft environment, whether on-prem storage or in the cloud. Assess the current state of critical IT assets such as user, computer and group information, direct and nested group memberships, OU and file/folder permissions, ownership and more to ensure only the right people have access.
- Monitor and investigate — Detect, alert on and investigate suspicious changes or unauthorized access to files or systems containing personal data, and promptly report any data breach within the mandated 72 hours to avoid fines and reputation damage.
- Govern and control — Strengthen internal security and governance controls by strictly enforcing access to sensitive resources to help ensure data protection by design and default.
So if you find yourself in a compliance Figure Four leg lock, Quest can help!