A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

"The Duc App breach, as reported by TechCrunch, is not an anomaly. It is the predictable result of a regulatory framework that mandates data collection at scale while treating data protection as an afterthought."
"The server belonged to Duales, the company behind the Duc App money-transfer service, which has been downloaded by users on Google Play. A security researcher discovered the lapse and contacted TechCrunch to help identify the data's owner."
"The exposed files reportedly dated back several years and were still being uploaded daily at the time of discovery. Alongside the government-issued identity documents, the server contained spreadsheets listing customer names, home addresses, and detailed transaction records."
Fintech companies are under increasing regulatory pressure to collect government-issued identity documents, yet they have minimal obligations to ensure data protection. A significant breach involving the Duc App revealed that sensitive documents were left on a publicly accessible server for nearly five years. The exposed data included identity documents, customer names, addresses, and transaction records. The CEO attributed the issue to a testing environment but did not clarify the lack of security measures. This incident exemplifies a broader trend of inadequate data protection amidst stringent data collection requirements.