{"id":207,"date":"2023-12-21T12:24:52","date_gmt":"2023-12-21T12:24:52","guid":{"rendered":"https:\/\/cyberinsights.argusgpi.com\/?p=207"},"modified":"2023-12-28T13:52:57","modified_gmt":"2023-12-28T13:52:57","slug":"cyber-breach-french-estate-agency-leaks-thousands-of-customer-files","status":"publish","type":"post","link":"https:\/\/smecyberinsights.co.uk\/index.php\/2023\/12\/21\/cyber-breach-french-estate-agency-leaks-thousands-of-customer-files\/","title":{"rendered":"CYBERInsights: DATA Breach &#8211; French Estate Agency Leaks Thousands of Customer Files"},"content":{"rendered":"<div style=\"text-align: left;\">\n<div><b>Cyber Breach: French Estate Agency Leaks Thousands of Customer Files<\/b><\/div>\n<div>Posted By Iain Fraser -Cybersecurity Journalist, Gibraltar<\/div>\n<div>https:\/\/iainfraserjournalist.blogspot.com<\/div>\n<div>Google Indexed:<\/div>\n<div><\/div>\n<div style=\"clear: both; text-align: center;\"><a style=\"margin-left: 1em; margin-right: 1em;\" href=\"https:\/\/1.bp.blogspot.com\/-6hiqMveQvq4\/YW6UfZZ3VDI\/AAAAAAAAB0U\/GKHG8CC-SVA-C8rc5pvcMsU4yO6f4PpagCLcBGAsYHQ\/s1920\/security-gd05325082_1920.jpg\" target=\"_blank\" rel=\"noopener\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-6hiqMveQvq4\/YW6UfZZ3VDI\/AAAAAAAAB0U\/GKHG8CC-SVA-C8rc5pvcMsU4yO6f4PpagCLcBGAsYHQ\/s320\/security-gd05325082_1920.jpg\" width=\"320\" height=\"190\" border=\"0\" data-original-height=\"1142\" data-original-width=\"1920\" \/><\/a><\/div>\n<div><\/div>\n<div style=\"text-align: left;\">French Estate Agency GSI Immobilier is at the centre of a data breach scandal after literally thousands of customer files after being exposed by the research team at The Website Planet. The company was storing data on a Microsoft Azure Blob Storage server whose misconfiguration exposed sensitive customer files and left over 1000 people potentially at risk of further crimes.<\/div>\n<div><b>\u00a0<\/b><\/div>\n<div><b>Customer Data Leaked<\/b><\/div>\n<div><b>\u00a0<\/b><\/div>\n<div>GSI\u2019s Microsoft Azure Blob Storage server was configured without password protection or any encryption, thus providing easy access to anyone who may have found the server and its content. The breach compromised 1342 files (2GB of data) which featured the sensitive personal data of GSI\u2019s holiday rental customers including:<\/div>\n<div><\/div>\n<div>Full names; including first names and surnames<\/div>\n<div>Phone numbers<\/div>\n<div>Email addresses<\/div>\n<div>Addresses of customer\u2019s homes and booking locations<\/div>\n<div>Booking details; including the arrival and departure dates of customers, and the prices paid for each booking<\/div>\n<div>Customer signatures (in some cases)<\/div>\n<div>Scanned pictures of signed cheques (in some cases)<\/div>\n<div>The database was live and regularly updated at the time of discovery.<\/div>\n<div><\/div>\n<div>Leaked arrival and departure dates, along with prices paid for accommodation, provide criminals with a gold mine of information to help them choose potential targets for crime, however, GSI\u2019s breach could potentially cause far greater damages, affecting both its business and its customer base.<\/div>\n<div><\/div>\n<div>GSI customers could be subject to phishing attempts from hackers who access booking information. Bad actors could contact GSI customers via email or phone, using the customer\u2019s name and booking information to build rapport while posing as a GSI employee, or a representative of the holiday rental accommodation.<\/div>\n<div><\/div>\n<div><b>Impact on GSI Immobilier<\/b><\/div>\n<div><\/div>\n<div>GSI Immobilier faces several consequences for leaking customers\u2019 personal data. GSI is likely to come under the scrutiny of the EU\u2019s GDPR data privacy regulations. GDPR is the body of laws that govern data protection throughout the European Union.<\/div>\n<div><\/div>\n<div>Businesses that mishandle, misuse, or fail to protect the data of EU citizens are likely to face sanctions from GDPR. Guilty companies may receive a fine of up to \u20ac20 million or 4% of the company\u2019s annual turnover (whichever is greater).<\/div>\n<div>GSI\u2019s database has leaked the data of English citizens too. The United Kingdom is no longer part of the EU but has retained GDPR laws in the form of UK GDPR , or the Data Protection Act 2018.<\/div>\n<div><\/div>\n<div>The UK\u2019s GDPR laws are the same; only GSI could face a separate fine from British authorities. The max fine for a breach of the Data Protection Act 2018 is slightly lower, at \u00a317.5 million or 4% of the company\u2019s annual turnover (whichever is greater). <a href=\"https:\/\/www.websiteplanet.com\/blog\/gsi-immobilier-leak-report\/\" target=\"_blank\" rel=\"noopener\">Learn More<\/a>\/&#8230;<\/div>\n<div><\/div>\n<div><b>Who is Website Planet?<\/b><\/div>\n<div><b>\u00a0<\/b><\/div>\n<div>Website Planet is a leading resource for web designers, digital marketers, developers, and businesses with an online presence. You\u2019ll find tools and resources for everyone, from beginners to experts \u2014 and honesty is our top priority.<\/div>\n<div><\/div>\n<div>We have an experienced team of ethical security research experts who uncover and disclose serious data leaks as part of a free service for the online community at large. This has included a breach in a famous European office supplier, as well as a breach in an Indian B2B online packaging marketplace leaking sensitive data.<\/div>\n<div><\/div>\n<div><b>About Iain Fraser<\/b><\/div>\n<div><\/div>\n<div>Iain Fraser Cybersecurity Journalist and Commentator &#8211; Gibraltar (Accredited Member of NUJ, IFJ and ONA) and European Authority Writer &amp;amp; Corporate Lecturer on all aspects of Cybersecurity Awareness, Threat Management &amp;amp; Best Practice Mitigation.<\/div>\n<div><\/div>\n<div>Log on to my Blog Daily for my roundup of the latest Cybersecurity News, Breaches, Privacy Protocols and Mitigation. If your organisation needs Definitive, Authoritative &amp;amp; Reliable Cybersecurity Content and Bespoke Articles then we should talk! <a href=\"mailto:iainfraserjournalist@gmail.com\">iainfraserjournalist@gmail.com<\/a><\/div>\n<div><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cyber Breach: French Estate Agency Leaks Thousands of Customer Files Posted By Iain Fraser -Cybersecurity&#8230;<\/p>\n","protected":false},"author":2,"featured_media":1324,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"cybocfi_hide_featured_image":"yes","footnotes":""},"categories":[14],"tags":[419,455],"ppma_author":[415],"class_list":["post-207","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberinsights","tag-cyberinsights","tag-data-breach"],"featured_image_urls":{"full":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2023\/12\/security-gd05325082_1920-1.jpg",320,190,false],"thumbnail":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2023\/12\/security-gd05325082_1920-1-150x150.jpg",150,150,true],"medium":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2023\/12\/security-gd05325082_1920-1-300x178.jpg",300,178,true],"medium_large":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2023\/12\/security-gd05325082_1920-1.jpg",320,190,false],"large":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2023\/12\/security-gd05325082_1920-1.jpg",320,190,false],"1536x1536":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2023\/12\/security-gd05325082_1920-1.jpg",320,190,false],"2048x2048":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2023\/12\/security-gd05325082_1920-1.jpg",320,190,false],"covernews-featured":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2023\/12\/security-gd05325082_1920-1.jpg",320,190,false],"covernews-medium":["https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2023\/12\/security-gd05325082_1920-1.jpg",320,190,false]},"author_info":{"display_name":"Cybersecurity Journalist - Iain Fraser","author_link":false},"category_info":"<a href=\"https:\/\/smecyberinsights.co.uk\/index.php\/category\/cyberinsights\/\" rel=\"category tag\">SMECYBERIINSIGHTS<\/a>","tag_info":"SMECYBERIINSIGHTS","comment_count":"0","authors":[{"term_id":415,"user_id":0,"is_guest":1,"slug":"cybersecurity-journalist-iain-fraser","display_name":"Cybersecurity Journalist - Iain Fraser","avatar_url":{"url":"https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/10\/index_image440-removebg-preview.png","url2x":"https:\/\/smecyberinsights.co.uk\/wp-content\/uploads\/2024\/10\/index_image440-removebg-preview.png"},"0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/207","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=207"}],"version-history":[{"count":0,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/207\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/media\/1324"}],"wp:attachment":[{"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=207"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=207"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=207"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/smecyberinsights.co.uk\/index.php\/wp-json\/wp\/v2\/ppma_author?post=207"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}