3rd Party Risk Management , Fraud Management & Cybercrime , Fraud Risk Management
Intel Investigating Possible Leak of Internal DataCompany Says Individual With Access 'Downloaded and Shared This Data'
Chip giant Intel is investigating what led to the posting of 20 GB of internal company data - including what appears to be confidential corporate information - to the MEGA cloud storage and file sharing platform.
See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion
Till Kottmann, a Swiss IT and security consultant who goes by the Twitter handle Tillie 1312 Kottmann, said in a tweet that she posted data she received from an anonymous hacker who claimed to have breached Intel earlier this year. And she says she intends to post additional information.
"Most of the things here have not been published anywhere before and are classified as confidential, under NDA or Intel Restricted Secret," Kottmann says in a tweet.
On her Twitter page, Kottman encourages her followers to contact her if they have "access to confidential information, documents, binaries or source code, which you think should be made available to the public."
In a statement provided to Information Security Media Group, Intel says: "We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”
Intel describes the Intel Resource and Design Center as a technical resource where designers, engineers and developers can find technical documentation, software, tools and support to design and build applications with Intel products.
Data Already Available?
Chris Clements, vice president of solutions architecture with security firm Cerberus Sentinel, believes the posted data was already available to Intel's partners and was not a valuable asset for a hacker to attempt to sell or use for extortion purposes.
"If that is the case, it would explain why they couldn’t extort Intel to prevent release or find another buyer for Intel’s internal information," Clements tells ISMG.
Erich Kron, security awareness advocate for KnowBe4, says: "While this appears to be an issue related to a third party, it does underline the security concerns around intellectual property when working with business partners both up and down the supply chain. There is always a risk when sharing potentially sensitive information to these business partners, however, this is often an unavoidable part of doing business."
Kron says it's imperative to track and log who has accessed data. "Even better, as in this case with Intel, ensuring that you know where the documents have been shared by potentially marking the document itself can be very valuable when hunting potential misuse as appears to have occurred here," he says.