2.4 Million Dow Jones High-Risk Watchlist Clients Exposed
Posted: 2024-09-29 12:30:53 | Source: Leisure | Reads: 143
More than 2 million records potentially compromised in recent data breach (Image: Shutterstock).
An exclusive Dow Jones & Co. watchlist of more than 2.4 million high-risk clients was unintentionally exposed due to a misconfigured and unsecured Elasticsearch database hosted on Amazon Web Services.
The directory was discovered Feb. 22, 2019 by security researcher Bob Diachenko, who found it after a third-party company left it open without a password. “Used by eight of the world’s ten largest, global, financial institutions Dow Jones Watchlist is statistically proven to be the most accurate, complete, and up-to-date list of senior PEPs (politically exposed persons), their relatives and close associates,” Diachenko wrote.
The database was left sitting on a public Elasticsearch cluster 4.4GB in size and available for public access to anyone who knew where to look. The indexed, tagged and searchable list of 2,418,862 records (some sources place the exposed records as high as four million) included current and former politicians, individuals with alleged criminal histories and possible terrorist links, and companies under sanctions or convicted of financial crimes. The exposed records included names, addresses, locations, birthdates, genders, whether they are deceased or not, and in some cases, photographs.
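The configuration pattern behind this kind of exposure, as an added example that is not from the article, Dow Jones or Elastic: a small Python audit of a flat elasticsearch.yml, run on a constructed weak config and a constructed hardened one. It assumes the pre-8.0 Elasticsearch default that `xpack.security.enabled` is off when the key is absent, and that `http.host`/`network.host` default to loopback.

```python
"""Audit a flat elasticsearch.yml for the pattern behind the Dow Jones
exposure: a cluster bound to a reachable interface with no authentication.
Added example, not code from the article, Dow Jones or Elastic. Assumes
the pre-8.0 default that xpack.security.enabled is false when absent."""
from typing import Dict, List, Tuple

LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}


def parse_flat_yaml(text: str) -> Dict[str, str]:
    """Parse the flat 'dotted.key: value' lines elasticsearch.yml normally
    uses; '#' comments and blank lines are skipped, nested YAML is not handled."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit(settings: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for the two checks that matter here."""
    findings: List[Tuple[str, str]] = []
    auth_on = settings.get("xpack.security.enabled", "false").lower() == "true"
    # http.host overrides network.host for the REST port; both default to loopback.
    host = settings.get("http.host", settings.get("network.host", "_local_"))
    reachable = host not in LOOPBACK
    if not auth_on:
        findings.append(("high", "xpack.security.enabled is not true: "
                                 "the REST API accepts unauthenticated requests"))
    if reachable and not auth_on:
        findings.append(("critical", f"bound to {host} with no authentication: "
                                     "every index is readable by anyone who can reach the port"))
    return findings


# Constructed samples: the first mirrors the open cluster described above.
WEAK_CONFIG = """
cluster.name: watchlist
network.host: 0.0.0.0          # listens on every interface, including the public one
xpack.security.enabled: false
"""
HARDENED_CONFIG = """
cluster.name: watchlist
network.host: 10.0.3.12        # constructed private address, not routable from the internet
xpack.security.enabled: true   # passwords and roles required on the REST API
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(parse_flat_yaml(cfg)) or "no findings")
```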
In a letter published by its stable companion, The Wall Street Journal, Dow Jones said, “To date, our extensive review has not uncovered any direct evidence that information was stolen, and we have taken steps to stop the unauthorized access.”
Multiple security experts weighed in on the incident.
“This security lapse from the Dow adds to a growing list of organizations in 2019 that have left Elasticsearch servers unprotected, therefore exposing massive quantities of proprietary data,” Chris DeRamus, CTO, Arlington, Va.-based DivvyCloud, said. “Dow Jones suffered a similar cloud storage misconfiguration two years ago that exposed the information of 2.2 million customers.” DeRamus added that organizations must realize the importance of balancing their use of the public cloud, containers, hybrid infrastructure and more with proper security controls.
Carl Wright, chief compliance officer of San Diego-based AttackIQ, observed, “This data breach is particularly egregious for both the lack of very basic protection, a password, and the extremely high degree of sensitivity of the data. There may be people on the list that are innocent, and the risky individuals are now aware they are on the list and can change their tactics to avoid detection in the future.”
Wright suggested that, because such leaks are often caused by gaps in security programs that can be easily detected and prevented, organizations must take proactive approaches to protect their data through continuous evaluation of their existing security controls.
Anurag Kahol, chief technology officer and founder, Campbell, Calif.-based Bitglass held, “Leaving this information unprotected is both careless and irresponsible – as is failing to address the issue in detail with the public. While all organizations need to defend their data, Dow Jones, in particular, must adhere to the highest of security standards – the type of information that they collect, store, and share demands it.”
The onus is on the enterprise to secure access to the data that is being stored within the platform. “At the most basic level, this requires the use of a password (although this alone is not sufficient for cybersecurity),” Kahol also said.
“The lists of politically exposed persons, terrorists and convicted cybercriminals are compiled and curated from a variety of third-party databases,” Robert Prigge, president, Palo Alto, Calif.-based Jumio, contributed. He noted that, because these lists are used by a variety of companies including Dow Jones, Thomson Reuters (now Refinitiv), and ComplyAdvantage, and contain the names of politically exposed persons and known criminals, the effect on the Average Joe will probably be less.
Jake Olcott, VP at Boston-based BitSight, said, “It’s no wonder that third party risk has become the most significant cyberissue for organizations around the globe. More outsourcing has created more risk.”
Additionally, Todd Peterson, identity and access management evangelist at Aliso Viejo, Calif.-based One Identity, said, “Compliance doesn’t care who you are. Even the bad guys’ personally identifiable information is subject to regulatory oversight. How are they going to do their ‘jobs’ if everyone knows who they are?”
Kevin Gosschalk, CEO, San Francisco-based Arkose Labs, warned, “The concerning trend of large-scale data breaches is how easy it has become for cybercriminals to weaponize the exposed data with automation in credential stuffing attacks – putting millions of people at risk.” Gosschalk added that companies must discover, track, and monitor their attack surface.
Jonathan Deveaux, head of enterprise data protection at comforte AG, commented: “Dow Jones & Co. is yet another example of a company that has failed its customers without taking proper security measures – and twice now. Really, it’s a classic case of a company wanting to invest in the cool technology, in this case Elasticsearch and AWS S3 buckets, but not understanding the security ramifications of that technology.”
Deveaux explained that organizations need to adopt data security to protect their data, wherever it may exist or whoever may be managing it on their behalf.
As shown below, the results in the quarter materially changed the trend in two-year stacked comps for each of the banners, along with a significant acceleration for consolidated comps.
The increase in consolidated comps was the primary driver of an 8% increase in revenues to $6.3 billion. The company ended the quarter with 15,370 locations, up less than 1% year-over-year. This reflects a 7% increase in Dollar Tree units, offset by a 4% decline in Family Dollar units.
The top-line results at each banner flowed through to their respective income statements, with Dollar Tree gross margins and operating margins declining year-over-year while Family Dollar gross margins and operating margins expanded year-over-year. On a consolidated basis, gross margins contracted by 120 basis points in the quarter to 28.5%, reflective of a shift to lower-margin consumables, tariff costs and the impact of markdowns from the Easter headwinds at the Dollar Tree banner. The company saw slight operating leverage on SG&A from higher comps, with the net result being an 80 basis point contraction in operating margins to 5.8%, with operating income declining 5% to $366 million. This is not adjusted for $73 million of pandemic-related costs, such as PPE supplies.
In the first quarter, the company opened 85 stores (net of closures) and completed 220 Family Dollar renovations to the H2 format. Importantly, comps at renovated Family Dollar stores continue to outpace the chain average by more than 10%. On the call, management indicated that they plan on reducing both the number of new store openings (from 550 to 500) and the number of H2 renovations (from 1,250 to 750) in 2020.
Personally, given the fact that Family Dollar is seeing material benefits to its business from the pandemic with new or lapsed customers coming into its stores, I think the company should try to get more aggressive with its renovation plans, not less. On the other hand, you could argue that renovations cause short-term disruptions and limit their ability to fully capitalize on the business momentum they are currently experiencing.
As a result of fewer new stores and remodels, management now expects 2020 capital expenditures to total $1.0 billion compared to previous guidance of $1.2 billion. In addition, the company has temporarily suspended share repurchases. At quarter's end, the company had $1.8 billion in cash on its balance sheet compared to $4.3 billion in total debt.
Conclusion
In recent years, Dollar Tree has been a tale of two cities. While its namesake banner has generally delivered impressive financial results, Family Dollar has been a persistent underperformer. This quarter, those results flipped, and given what we've seen in the weeks since quarter's end, there's a decent possibility that we will see something similar in the coming months. As the CEO noted, the second quarter is off to a very good start at Family Dollar.
Here's the important question: how useful is that information in terms of making future predictions about the business? Will recent success at Family Dollar translate into long-term success for the banner? The optimistic take is that new or lapsed customers, especially those visiting the renovated stores, could become recurring business for the banner. The pessimistic take is that they have experienced short-term success out of necessity as people went to any store that was open to try and find essentials like toilet paper and hand sanitizer that were largely out of stock throughout the retail landscape. From that view, many of these customers could abandon the retailer when life returns to normal. As Philbin noted on the conference call, early on [during the pandemic], folks needed us. Will people still shop as much at Family Dollar when it's no longer a necessity?
Personally, I do not place too much weight on the recent results. I will need to see incremental data points that indicate that Family Dollar has truly won sustained business from these new customers. While I still believe that the Dollar Tree banner is a well-positioned retailer with attractive unit returns, I'm not yet willing to say the same thing for Family Dollar. For that reason, along with the recent run-up in the stock price, I plan on staying on the sidelines for now.
This article first appeared on GuruFocus.