Recently, it came to our attention that the PIP Printing Company has experienced a massive data security breach that exposed thousands of sensitive documents, including lawsuits against Hollywood studios, personal immigration-related papers, legal filings, extensive medical records, and labour filings involving NFL players. The security leak went on for four months and was only repaired last Tuesday.
Currently, there is no evidence that any files were accessed for malicious purposes.
Michael Bluestein, the owner of PIP, explained that a third-party IT company had accidentally misconfigured the backup protocols, effectively leaving a back-door open in the system. Immediately after discovering the breach, they proceeded to lock down access to their database. In addition to that, Bluestein added that they changed their passwords, took all possibly affected computers offline, and hired a team of forensic IT experts.
As for the additional data security measures undertaken by the company, Bluestein mentioned they are already in the process of installing new firewalls and creating closed VPNs for their backup files, even though that goes beyond what is typically recommended.
According to Bob Diachenko, whose firm investigated the breach, it was first discovered in October.
The National Football League Players Association and the NFL refrained from commenting on the private documents of their players being exposed.
According to Diachenko’s Mackeeper Security Research Center, the breach can be attributed to a misconfigured “rsync” backup system. They believe that these types of vulnerabilities occur far more often than they should.