Cybersecurity Stories Thread

[mrskeltal]

I've been a sub to LTT for a while, but I'm new to the forums. I wanted to start off doing a thread about Cybersecurity war stories. Post any and all interesting stories related to Cybersecurity that you've experienced or heard from friends/colleges.

 

(Let me know if this isn't the right place for this post)

[aisle9]

Once upon a time, someone who should have known better saved a file full of PCI data to the company's shared drive. Like, names, SSNs, DOBs, everything. I found it when going into their folder to drop off a couple of files I'd been working on. As soon as I opened it, I walked straight over to the IT director and told them what I'd found. Their face turned as white as mine. We decided that in order to avoid creating massive headaches for ourselves the next morning, we would simply delete the file and they'd remote into said person's laptop to make sure it wasn't saved on there anywhere. If it was, we'd have to report it. It wasn't, so we left it there, and I might have casually mentioned to said person that if they're going to make a big deal about PCI compliance, they probably shouldn't save Social Security Numbers on the shared drive.

 

Then there was the time that the same person caused an interstellar incident by telling the CEO that I was saving SSNs on my company laptop. That conversation went well. I got a call from my boss wanting to know what the hell that person was talking about. I told the truth: I had no idea. I went in the next morning and the head of HR paid me a visit. I told them to go ahead and search my laptop on the spot, or invite in the IT director to do it, maybe even have the idiot who accused me standing over their shoulder to walk them through to exactly where I was keeping all of this nonexistent data on my laptop. The HR director laughed and said that wasn't necessary.

 

I might have mentioned the SSN file to the HR director at that point.

[Bacon soup]

The above reminds me of the time a company kept everyone's phone number, marriage status, and home address, on a spreadsheet in the company's intranet. Accessible to anyone. I asked to be removed from it. A company director responded to me that "it has to be there". So I asked them to update my details with a number for a brothel and an address for a car mechanic that has a couple of mean looking dogs guarding the property. I have a gender-neutral first name so it would be hilarious if anyone called the brothel looking for me.

[WkdPaul]

I have stories about clients, that I can't share because I like my job...

 

At one of my previous job, someone put an unencrypted zip file on our public FTP, the zip file had confidential information about an unannounced movie,  someone found the file and shared it all over. That forced the production company to announce the movie while they had nothing to show.

 

Surprisingly, the person that accidentally leaked this wasn't fired!

[r2724r16]

Ha Ha Ha

[aisle9]

28 minutes ago, wkdpaul said:

I have stories about clients, that I can't share because I like my job...

 

At one of my previous job, someone put an unencrypted zip file on our public FTP, the zip file had confidential information about an unannounced movie,  someone found the file and shared it all over. That forced the production company to announce the movie while they had nothing to show.

 

Surprisingly, the person that accidentally leaked this wasn't fired!

Confirmation that you work for DC. Their cinematic universe is full of movies that leave me with nothing to show for that two hours of my life.