Exploit: Insider Risk
Adafruit: Open-Source Hardware
Risk to Business: 2.847 = Moderate
An employee’s publicly accessible GitHub repository is to blame for a data security breach at New York hardware developer Adafruit, which exposed information about some users on or before 2019. The company was quick to provide assurances that the data set did not contain any user passwords or financial information such as credit cards, but it was not so quick to email impacted users, waiting until after it had published a notification on its blog that media outlets picked up.
Individual Risk: 2.802 = Moderate
Exposed data for users may include names, email addresses, shipping/billing addresses, order details and order placement status via payment processor or PayPal.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: Whether they’re malicious or not, insider actions can have a major effect on companies even if the insider no longer works there.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.