MEGA problem with cloud security

A cloud storage and file hosting provider has released a security update to address vulnerabilities that could have exposed data, even though the data had been encrypted. New Zealand-based, MEGA, has over 250m registered users from over 200 countries and users have uploaded 120bn distinct files. The report says the vulnerability is highly complicated for outsider threats but not as challenging for rogue MEGA employees. 

Thankfully it appears no accounts were comprised before the security update. Researchers 1 – 0 Hackers. Nevertheless, this is the kind of story that would keep the average CTO, CIO or CISO awake at night. Is everything in order?

  • Strong approach to security? Cyber Essentials? ISO27001? Appropriate technical & organisational measures to protect data?
  • Registration with the appropriate regulator?
  • Contract with the supplier containing robust obligations including indemnities for data breaches?
  • Action plan to minimise the potential damage from a data leak?
  • Insurance cover?

Of course, there’s only so much diligence you can do on your provider and you can’t make everything 100% safe. But you should remember not all businesses recover from a data leak. How sure are you your data is safe?

If you need advice, contact me f.jennings@teacherstern.com or +44 (0) 20 7611 2338.

This post first appeared on the Teacher Stern website.

What's your view? Leave a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.