Planned Software Update Causes Major Data Breach
This breach is of particular interest in that they were patching software, most likely for security reasons. Although this particular patch was scheduled and performed by an IT company, it is cause for concern in that a case can be made for strict monitoring of any and all software installed on computers, especially those that may have access to or deal with sensitive information. Please take this as a reminder that software should be installed, documented and monitored by the IT department if said software is being installed on a company owned device that has access to internal networks or files. This is also a consideration if equipment has access to or receives sensitive information from external sources.
Almost 2 million Michigan residents had their names and Social Security numbers potentially exposed due to when a software update went awry opening the information to outsiders. The information was exposed and unprotected from October 10, 2016 until January 30, 2017 when the error was found and quickly fixed. The incident occurred when a scheduled software update that took place in October that was performed by a third-party vendor opened to the data to authorized users of the Michigan Data Automated System. Data these people were not authorized to view.