welcome
Are you a new user?
REGISTER HERE





RETRIEVE PASSWORD
print   email   Share

Your Contractor's Weaknesses Are Your Cybersecurity Weaknesses

Clearview AI, a facial recognition company that contracts with law enforcement agencies, recently announced that an intruder accessed its entire client list.

 

According to The New York Times, the organization has scraped three billion images from the internet, including from Facebook, YouTube, and Venmo. Law enforcement officials have turned to Clearview for help, particularly to identify the victims of child sexual abuse. 

 

Clearview AI told customers that a third party "gained unauthorized access" to its list of customers; the number of user accounts those customers had set up; and, the number of searches its customers have conducted. The notification said that no law-enforcement agencies' search histories were compromised.

 

The organization stated that the intruder, had not breached its servers or compromised its systems or network. It said that it fixed the vulnerability that allowed the unauthorized access. Betsy Swan "Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen" thedailybeast.com (Feb. 26, 2020).

Commentary

Your organization’s private data is only as safe as the cybersecurity protections of your contractors that store it.

Before contracting with a third party, examine their cybersecurity protections and policies. Only work with contractors that enforce cyber protections that are at least as stringent as your own.

The selected contractors should only be allowed to access the data they need to perform their role. Be suspicious of any contractor that requests excessive access or information. Only work with those that recognize the responsibility of possessing private data and only request the minimum required, including data about your organization.

Finally, your opinion is important to us. Please complete the opinion survey: