Frost & Sullivan, a US-based business consulting firm recently suffered a data breach after the data from an unsecured backup folder exposed on the Internet was being sold on a hacking forum.
The firm has over 40+ offices world over and more than 1,800 employees that offer services such as market research, growth strategy, and corporate training to the many large corporate companies.
Early this week, a hacking group named KelvinSecTeam posted the company’s leaked database for sale on a hacking forum that contained 6,000 customer records and 6,146 records of the employees.
The leaked customer database includes information such as client name, email address, company contact, and other confidential information.
Exposed employee records include their first and last names, user ids, email addresses as well as the hashed passwords.
“In a conversation with Beenu Arora, CEO of cybersecurity intelligence firm Cyble, Bleeping Computer was told that the data breach was caused by an unsecured backup folder that contained databases and company documents,” Bleeping Computer reported.
“The breach occurred to a misconfigured backup directory on one of Frost and Sullivan public-facing servers. The backup directory had its employees and customers records, along with other confidential information,” said Arora.
The KelvinSecutiy Team told Bleeping Computer that they have not sold the data yet and expecting a response from Frost & Sullivan “to solve and eliminate the sale attempt.”