fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Student Health Insurance Carrier Guard.me Suffers A Data Breach

Student Health Insurance Carrier Guard.me Suffers A Data Breach

Student health insurance carrier guard.me has taken their website offline after a vulnerability allowed a threat actor to access policyholders’ personal information.

guard.me is one of the world’s largest insurance carriers specializing in providing health insurance to students while traveling or studying abroad in another country.

On May 12th, Guard.me discovered suspicious activity on their website that led them to take down their website. When visiting the website, visitors are automatically redirected to a maintenance page warning that the site is down while the insurance provider increases security on the site.

“Recent suspicious activity was directed at the guard.me website and in an abundance of caution we immediately took down the site. Our IS and IT teams are reviewing measures to ensure the site has enhanced security in order to return the site to full service as quickly as possible.” reads the guard.me website.

Also Read: Compliance Course Singapore: Spotlight On The 3 Offerings

guard.me website maintenance page

Today, guard.me began emailing students a data breach notification seen by BleepingComputer that states a website vulnerability allowed unauthorized persons to access policyholders’ personal information.

“In the late evening of May 12, 2021 our Information Systems team discovered unusual activity on our website and as a precaution they immediately took down the website and took immediate steps to secure our systems. The vulnerability has been addressed.  Our experts are diligently investigating the matter further,” says Guard.me data breach notification.

This vulnerability allowed the threat actor to access students’ dates of birth, genders, and encrypted passwords. For some students, their email addresses, mailing addresses, and phone numbers were also exposed.

guard.me states that they have fixed the vulnerability and that it has withstood further attempts by their cybersecurity team to bypass the additional safeguards.

The insurance carrier also states that they are instituting new policies for increased security, including database segmentation and two-factor authentication.

Also Read: Considering Enterprise Risk Management Certification Singapore? Here Are 7 Best Outcomes

Being a Canadian company, it is not clear if guard.me disclosed the breach to the Privacy Commissioner of Canada and has not responded to BleepingComputer’s requests for more information.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us