Man Realizes He Has Unauthorized Access to Brinks Home Customer Data
EDMONTON — A Brinks Home customer in Canada recently discovered he had access to the account information of roughly 100 customers while attempting to troubleshoot his malfunctioning door sensors.
Andrew Kopp signed into his system’s online portal and noticed he “had a drop-down [menu] to select a whole bunch of addresses,” he told the CBC.
Kopp says he was able to see names, addresses, phone numbers, emergency contacts and account payment history.
He reported the incident to Brinks in early 2022 but noticed that he still had access in April. By the time July rolled around, he still had access and reported the issue again, this time requesting to speak to a manager. He was promised a manager would call him back but he never received a call.
Ultimately, by mid-September, Kopp saw that the issue seemed to be fixed after sending the company an email. He estimates he was able to access other customers’ data for seven to 10 months.
When reached for comment on the story, Brinks told SSI, “Brinks Home’s number one priority is ensuring the safety and security of all our customers, and we take the matter of data privacy very seriously. Regarding the issue with the BrinksHome portal, upon receipt of Mr. Kopp’s September 2022 email, the Brinks Home team took immediate action to remediate the situation and resolved this isolated issue within 24 hours with no impact to our service.”
Despite the unintended data breach that lasted nearly a year, Brinks has not notified any of its customers whose data was exposed, saying it conducted a review with both internal and external counsel and determined that the nature of the data that was visible did not require a customer notification.
Brinks says the customer service representative who originally spoke with Kopp in July was from a third-party and did not follow the proper protocols and procedures required by Brinks Home when an escalation is requested by its customers.
“We have since reinforced our protocols and trainings with the representative in question to ensure compliance with our escalation procedures. All Brinks Home customer service representatives go through a rigorous training program, which includes training around data privacy and security. As a company, we remain committed to working hand-in-hand with our customers to resolve any issues or concerns and will continue to do so in the future,” the company says.
Brinks also says that less than .01% of its total customer base had the ability to view the contact information of a small subset of other customers, to its knowledge Kopp is the only customer that accessed other customers’ information and that no financial or banking information was visible as part of this incident.
The company adds that there was also no involvement of third-party actors.
The post Man Realizes He Has Unauthorized Access to Brinks Home Customer Data appeared first on Security Sales & Integration.
from News Archives - Security Sales & Integration https://www.securitysales.com/news/unauthorized-access-brinks-home-customer-data/
via IFTTT
Comments
Post a Comment