Our world is becoming more digitized by the minute, but as great as the opportunities presented by the advancements in digitization may be, they are accompanied by equally great risks. When asked about their worst imaginable scenario, IT managers will answer in unison: a large-scale data breach. For German car rental company Buchbinder, this hypothetical nightmare recently became a reality. Though the exact consequences of the incident cannot yet be fully determined, it is certain that they are potentially catastrophic.
But let’s start at the beginning. First, we need to take a look at what a data breach actually is. Wikipedia states: “A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.”
Historic Data Breach
This is the largest-scale data leak Germany has seen to date, and with Buchbinder, a major player has been hit. By their own account, Buchbinder are “market leader in the private customer segment cars and trucks in Germany and Austria”. The company, which is based in Regensburg, employs more than 2,500 people and operates around 165 rental stations across Europe. Their turnover recently amounted to almost 350 million euros.
Just as impressive as the company’s scale is the scale of their data leak. A whopping 10 terabytes of sensitive customer data were affected by the data breach, simply because the company’s file server was accessible over the internet without any protection whatsoever.
The consequence was that anyone who cared to was able to access information on three million of Buchbinder’s customers online for several weeks. The reason? Quite simply, the lack of structured access rights. The data affected goes back 18 (!) years and includes a broad range of information, from names, addresses and telephone numbers to scans of invoices, contracts, e-mails and even pictures of damaged cars.