The Aggregate IQ Files, Part One: How a Political Engineering Firm Exposed Their Code Base

The UpGuard Cyber Team’s latest discovery of a data leak, involving the exposed IT assets of a  data analytics firm based in British Columbia, Canada, presents significant questions for society about how technology can be used. In this first installment of a multipart series titled “The AIQ Files,” we begin to explain the importance of the data revealed from a publicly exposed AggregateIQ repository, and how it relates to recent US political history.

Read More

Cloud Burst: Software Delivery via Public Cloud Storage

(UPDATE 3/8/1018) After consultation with Capital One’s legal team and technical teams, UpGuard was informed that Capital One’s system security was not impacted by this matter, and UpGuard has therefore updated its post.

Read More

Double Indemnity: How An Insurer Exposed Its Customers

In a blow to consumer privacy that recalls previous breaches in the credit repair and marketing industries, the UpGuard Cyber Risk Team can now disclose that the Maryland Joint Insurance Association (JIA), a private-sector program providing property insurance in the state, exposed personally identifiable information for thousands of individuals to the public internet via a misconfigured storage device. This data exposure once again underscores the ease with which highly sensitive, personally identifiable information can leak online - in this instance, through an open port on an internet-connected device.

Read More

What is Cyber Resilience?

Cyber resilience is a fundamental change in understanding and accepting the true relationship between technology and risk. IT risk (or cyber risk, if you prefer) is actually business risk, and always has been. And the cybersecurity industry, for what it's worth, has generally avoided this concept because it goes against the narrative that their respective offerings—whether it's a firewall, IDS, monitoring tool, or otherwise—would be the one-size-fits-all silver bullet that can keep businesses safe. But reality tells a different story.

Read More