According to Brian Krebs, Vermont had at least five websites that gave anyone access to critical information. One of the programs impacted was the state’s Pandemic Unemployment Assistance program. It revealed the applicants’ full names, Social Security numbers, residences, contact information (phone, email, and address), and bank account details. Vermont adopted Salesforce Community, a cloud-based software solution created to make it simple for businesses to quickly construct websites, just like the other organizations giving the general public access to sensitive data.
Among the other victims was Columbus, an Ohio-based Huntington Bank. It recently bought TCF Bank, which processed commercial loans using Salesforce Community. Names, residences, Social Security numbers, titles, federal IDs, IP addresses, average monthly payrolls, and loan amounts were among the data components that were revealed.
Apparently, both Vermont and Huntington discovered the data leak after Krebs reached them for a comment on the matter. Following this, both the customers withdrew public access to the critical data..
Salesforce Community websites can be set up to require authentication, limiting access to internal resources and sensitive information to a select group of authorized users. The websites can also b
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: