The tale of the Mossack Fonseca hack (Panama Papers leak) is not a new one, but a timeless classic: outdated and vulnerable software, poor security and a weak incident response strategy. We have trouble preaching the importance of security at the best of times, but when safeguarding sensitive data for some of the richest and most powerful people in the world, you shouldn’t need to be told twice to develop in-depth fortifications.
The Mossack Fonseca main site and customer portal were plagued with vulnerabilities and outdated software, and the email server was running an 8-year-old version of Outlook from 2009. Like every other story of carelessly guarded sensitive data, this eventually resulted in a data breach. The one thing about this story that is not a repeat of history is the scale: 2.6TB was the size of the subsequent data dump. This is the largest data leak of its kind, ever. The data dump contained details of hundreds of thousands of offshore companies, some set up in order to evade and avoid tax, as well as over 70 world leaders, past and present, and thousands of banks, companies and law firms.
There is a lot of media attention surrounding this topic, due to its pertinent nature in defacing the edifice of trust in our conglomerates, world leaders and supposedly upstanding citizens. This media attention can lead to the topic being trivialised and obfuscated. We’ve gone to great lengths to deliver unbiased and non-speculative information amongst the smokescreen of pop-journalism. The original source on the breach was the Süddeutsche Zeitung - this is our recommended source for further reading.
In this week's #VisuallyExplained, we’ve condensed an abundance of information into some of the most significant statistics and details about the data dump, the hack, and how it could have been mitigated.