The UK based company is an international recruitment agency with expertise on staff of high-net worth clients' yachts operating globally.
The server that was under attack included more than 90,000 files, and was a vulnerable 'victim' as it was left exposed on a misconfigured unsecured Amazon Web Services (AWS) S3 bucket and appears to have been online and available for anyone to access without a password since February 2019.
Yet, following the attack, the company secured the bucket after being notified of the data breach and added that they did not see any evidence that its files had been attacked.
The data that was exposed contained personal information, such as a CV or resume, the individual’s full name, phone number, email, nationality, visas held, date of birth, work history and professional qualifications. It is further noted that there were also 1,295 scanned copies of passports, around 1,000 of which are still in date, at least 500 scans of visas and over 1,000 seafarer medical certificates, known as ENG1 forms.
Following, Sara Duncan, director of Crew and Concierge stated to Verdict that the company employed a cybersecurity expert and took steps to resolve the situation and keep the personal data safe.
It is stated that a data breach could severely impact the yachting industry; As Jake Moore, cybersecurity specialist at ESET noted "cyber criminals can do a lot of damage with a large list of breached data simply containing names and emails but add personal and highly sensitive data to the mix and the risk exponentially increases."
Given that cyber security poses a great threat to companies and industries, specific steps have emerged for a company to become cyber-resilient and be protected from either attacks or threats.
Concluding, now that technology is a big part of the everyday life, many are the companies that have been attacked; For instance, in late January the London Offshore Consultants (LOC) Group has recently been the victim of cyber-attacks.