Our recent discovery and analysis of publicly downloadable code repositories originating from data analytics firm AggregateIQ has answered a few questions, but raised many more. In Part One of “The AggregateIQ Files,” we explained how the data exposed from within this development repository appear to corroborate existing evidence and accusations that AggregateIQ and Cambridge Analytica, an embattled and highly controversial data firm, work closely together on projects that appear customized for Cambridge Analytica clients like Texas Senator Ted Cruz.
The UpGuard Cyber Team’s latest discovery of a data leak, involving the exposed IT assets of a data analytics firm based in British Columbia, Canada, presents significant questions for society about how technology can be used. In this first installment of a multipart series titled “The AIQ Files,” we begin to explain the importance of the data revealed from a publicly exposed AggregateIQ repository, and how it relates to recent US political history.
(UPDATE 3/8/1018) After consultation with Capital One’s legal team and technical teams, UpGuard was informed that Capital One’s system security was not impacted by this matter, and UpGuard has therefore updated its post.
In a blow to consumer privacy that recalls previous breaches in the credit repair and marketing industries, the UpGuard Cyber Risk Team can now disclose that the Maryland Joint Insurance Association (JIA), a private-sector program providing property insurance in the state, exposed personally identifiable information for thousands of individuals to the public internet via a misconfigured storage device. This data exposure once again underscores the ease with which highly sensitive, personally identifiable information can leak online - in this instance, through an open port on an internet-connected device.
Cyber resilience is a fundamental change in understanding and accepting the true relationship between technology and risk. IT risk (or cyber risk, if you prefer) is actually business risk, and always has been. And the cybersecurity industry, for what it's worth, has generally avoided this concept because it goes against the narrative that their respective offerings—whether it's a firewall, IDS, monitoring tool, or otherwise—would be the one-size-fits-all silver bullet that can keep businesses safe. But reality tells a different story.