A data breach at Sequoia has resulted in personal information being exposed.
Sequoia lost customers’ sensitive and private information due to a data breach. The organization informed customers and those impacted by the breach. The incident occurred between September 22 and October 6, according to an article by Wired.
Among the data that may have been stolen are names, residences, genders, dates of birth, marital status, job status, social security numbers, business email addresses, wage information and member IDs.
In a note to consumers, Sequoia said that when they learned about the issue, they immediately implemented a response strategy, including engaging Dell’s Secureworks to conduct a forensic assessment.
The investigation did not uncover any proof that an unauthorized person had distributed or used the data improperly, nor did it disprove that data was stolen or accessed. No signs of malware, data extortion, or any other persistent illegal access to the company systems have been discovered, according to Secureworks.
Sequoia hinted at the potential impact of the breach by emphasizing that the data was ‘read-only’. The company added that there’s no proof of an unauthorized party altering client information.
“Enterprises adopt cloud-native strategies because they want to accelerate their processes and their ability to innovate”, Erfan Shadabi, cybersecurity expert at security firm Comforte, told SiliconANGLE. “Unfortunately, most organizations struggle with the right level of data security to avoid compromise within the cloud environment.”
“This is a massive breach that will have a large impact on all affected customers based on the amount of sensitive data that has been stolen”, added Javvad Malik, security awareness advocate at security awareness training company KnowBe4.
“Unlike credit card information, sensitive personal information cannot be easily changed or amended or in most cases not changed at all”, Malik explained. “The long-term impact should not be underestimated as criminals can use this information to launch spear phishing attacks against victims.”