It has been reported that an Italian electronic marine navigation charts manufacturer, Navionics, which was recently acquired by Garmin, inadvertently exposed customer and corporate information. The firm was found using a misconfigured MongoDB server that left 19GB of information relating to its products and clients, accessible to anyone on the internet. The unsecured MongoDB server contained 261,259 unique records, including email addresses, product IDs, user IDs and more. Navionics primary products offer boats, yachts and ship-owners access to real-time navigational charts.
Commenting on this, Sam Curry, Chief Security Officer at Cybereason, said “In a world of hourly data breaches and billions of dollars lost regularly in business and by consumers, the good news is that Navionics has secured an exposed database that included the names and email addresses of hundreds of thousands of customers. Thankfully, their actions limited potential damage, possible lawsuits and years of litigation if cyber criminals got their hands on sensitive information. Today’s news is again, however, a sobering reminder that as an industry we need to collectively improve security hygiene and the most basic best practices, including installing the latest patches and updating software on a regular basis. By keeping a closer eye on proprietary information and securing it the global industry wins and makes it a lot hard for cyber criminals to profit off our backs.”