Contributors

Adam Vidler

Senior Associate
Antoine Brier
Arran Brooker

Senior Associate - Corporate & Commercial
Atousa Saddighzadeh

Associate
Daniel McCartney
David Ponsford

Partner
Elizabeth Russell

Associate
Emma Myers

Partner and Head of Private Client
Frank Jennings

Partner & Head of Commercial
Gulcin Kashano
Guy Zarins

Associate - Corporate & Commercial
Jack Nearney

Associate Solicitor
Jessica Verrall

Trainee
Kelly Clarke

Real Estate Associate
Luke Shelley

Associate
Luke Turtle

Senior Associate
Rachel Bertie

Paralegal - Dispute Resolution
Reem Kar

Trainee
Reetu Chopra
Robyn Dann

Associate
Roisin Kavanagh

Associate
Sam Rippon

Partner
Sarah Emerson

Partner
Sing Li

Senior Associate - Corporate & Commercial
Tamara Fisch

Trainee - Commercial Litigation
Tom Ginot

Associate
Wing Ming Choi

Associate - Dispute Resolution

Teacher Stern Archive

MEGA problem with cloud security

Frank Jennings

June 23, 2022

https://www.passle.net/Content/Images/passle_logo-186px.png Passle https://passle.net

Frank Jennings

A cloud storage and file hosting provider has released a security update to address vulnerabilities that could have exposed data, even though the data had been encrypted. New Zealand-based, MEGA, has over 250m registered users from over 200 countries and users have uploaded 120bn distinct files. The report says the vulnerability is highly complicated for outsider threats but not as challenging for rogue MEGA employees.

Thankfully it appears no accounts were comprised before the security update. Researchers 1 - 0 Hackers. Nevertheless, this is the kind of story that would keep the average CTO, CIO or CISO awake at night. Is everything in order?

Strong approach to security? Cyber Essentials? ISO27001? Appropriate technical & organisational measures to protect data?
Registration with the appropriate regulator?
Contract with the supplier containing robust obligations including indemnities for data breaches?
Action plan to minimise the potential damage from a data leak?
Insurance cover?

Of course, there's only so much diligence you can do on your provider and you can't make everything 100% safe. But you should remember not all businesses recover from a data leak. How sure are you your data is safe?

If you need advice, contact me f.jennings@teacherstern.com or +44 (0) 20 7611 2338.

{

Researchers have shown that vulnerabilities in the encryption algorithm allowed them to access users' encrypted data

https://www.bleepingcomputer.com/news/security/mega-fixes-critical-flaws-that-allowed-the-decryption-of-user-data/

unknownx500

More posts by Frank Jennings

AI - the end of humans?

Frank Jennings

Filming without consent

Frank Jennings

Ofcom investigates BT contracts

Frank Jennings

Will ChatGPT replace lawyers? Part 2

Frank Jennings

Fail to plan = plan to fail

Frank Jennings

Recent posts from Teacher Stern

International Women's Day - Kate Kenneally

Tamara Fisch, Reem Kar, Wing Ming Choi

International Women's Day - Amelia Richards

Tamara Fisch, Wing Ming Choi, Reem Kar

International Women's Day - Jennifer Slater

Tamara Fisch, Wing Ming Choi, Reem Kar

International Women's Day - Elizabeth Russell

Tamara Fisch, Wing Ming Choi, Reem Kar

International Women's Day - Vanessa Cassidy

Tamara Fisch, Wing Ming Choi, Reem Kar

repost cancel

As a free user, you can follow Passle and like posts.

To repost this post to your own Passle blog, you will need to upgrade your account.

For plans and pricing, please contact our sales team at sales@passle.net

Sorry, you don't have permission to repost or create posts.

cancel