
Misconfiguration Exposes 46GB of Personal Data

Company continues to engage with hacker on extent of data they may have unlawfully exfiltrated - and be retaining.

More than 120,000 files - amounting to 46GB - were exposed by a London-based private security firm.

Included in the data exposed by the server were personally identifiable information, job application forms, Security Industry Authority cards, payroll details, TrustID validated documents, and invoices from up to two decades ago.

According to The Register, the files were exposed as a result of a server misconfiguration by Assist Security. Researcher JayeLTee said the data all related to a backup generated around August 2023, with the exposed server discovered on October 23, 2024. This was resolved six days later, when Assist closed the access after the researcher reported it.

In response to a comment request, Assist Security said: "On receipt of information regarding the allegedly exposed files, immediate corrective action was taken. We are grateful to the ethical hacker for their diligence in bringing this matter to our attention. At the time our initial assessment determined that our corrective measures were sufficient to mitigate any risk."

The company went on to add that in light of new information it had received, it is continuing to engage with the ethical hacker to understand the extent of data they may have unlawfully exfiltrated and be retaining.

This includes working with them in seeking to ensure the secure deletion of any unlawfully retained data, and further reviewing the facts to determine whether notifications to regulatory bodies such as the ICO, to impacted individuals or to law enforcement are warranted.

Dan Raywood, Senior Editor, SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
