Security breaches are a real pain to any business, to say nothing about the consumers who suddenly find their credit card number being shared by 20 million of their now-closest friends. And then there are the data breach notification laws, which are another confounding fact of life.
But it can get worse, like when your own company inadvertently leaves your most personal information available for anyone to snag. That's what just happened to rocker Joan Jett, according to Motherboard. The singer who is famous for her cover of "I Love Rock 'n Roll" found that Blackheart Records, the label she co-founded, had left some incredibly sensitive data on its website.
MacKeeper Security Research Center, which has a history of uncovering sites that have left data unprotected, was the one that found the problem last week. There's no way to know for certain at the moment whether the files had been up there long or if anyone else had gotten access to the data. Apparently someone at the label had mistakenly left the material unprotected on a server connected directly or indirectly to the Internet.
How sensitive was the data? Try a "treasure trove" that included the following, according to MacKeeper:
There are unreleased tracks, never before seen pictures, even rejection letters from 1980 when Joan Jett was trying to get a record deal. There are also social security numbers of label employees and band members, internal memos and scanned checks of royalty payments and much more. From the entertaining obsessed fan emails to lawsuits and arrest records of the label manager, this database is a look inside of how the record label is operated and the communication between rock and roll royalty.
Also add "social security numbers, banking information, scans of passports, and IDs." Someone didn't even need a user name, password, or any other form of authentication to get at the material. All someone needed was an Internet connection and some poking around.
This is more common than you might think, although it doesn't come to public light so often. In December 2014, Morgan Stanley found that an employee had mistakenly exposed the financial data of 900 extremely wealthy clients online. Rich or poor, it can happen.
It can also happen when you own, or are a founder of, a company. Between the potential of losing customer data or personal information of employees -- or yourself -- it would seem a good time to get some help. Find a company that can run a security audit on your business. If nothing else, look for gross problems that could open your systems to people with bad intentions. It might cost a bit, but losing that data could cost a lot more in the long run.