ZDNet recently reported that hackers held approximately 23,000 unsecured MongoDB databases ransom, wiping the data and demanding the bitcoin equivalent of 140 USD in exchange for safely restoring access. Incredibly, the 23,000 breached databases, which account for an astounding 47 percent of all MongoDB databases accessible online, were hacked because they lacked basic password protection. The hackers also threatened to report the negligent parties to local GDPR enforcement authorities, adding another layer of concern to the victims.
While paying 0.015 bitcoin to a hacker in exchange for your data may not seem like a major expense, the GDPR penalties, if enforced, could be disastrous for any business. There are two levels of fines based on the GDPR.
- Level 1: €10 million or 2 percent of the company’s global annual turnover from the previous year, whichever is higher
- Level 2: €20 million or 4 percent of the company’s global annual turnover from the previous year, whichever is higher
It’s clear that potential fines for noncompliance are substantial. And while the threat of hackers, data breaches, and ransom payments may offer additional motivation, organizations can easily ensure continuous security and compliance with GDPR (and many other regulations and standards) by using DivvyCloud.
Check out our Demo Center to see how DivvyCloud can detect an exposed AWS bucket (or other cloud resource) and mitigate the vulnerability automatically.