Security researchers found unencrypted customer passwords and payment information
Tech Data has announced it is investigating any misuse of valuable customer information that was discovered to be vulnerable to leaks earlier this week.
Security researchers at vpnMentor discovered a server leak that contained data including email and personal user data as well as contact and payment information for resellers as well as login and password details,
The researchers reported the leak to Tech Data twice; first, on June 2, and again on June 4, when the company responded and fixed the leak.
It is not clear how much of the vulnerable data was pertinent to the company’s UK operations.
In a statement, the company said: “Tech Data recently learned of a security vulnerability involving a server associated with our StreamOne marketplace. Within hours of learning of this, the security vulnerability was corrected, and the server was disabled.
“Based on what we know at this time, there is no evidence that the data stored on the affected server was misused for any unauthorised transactions or other fraud. We are continuing to investigate this incident and will satisfy all data reporting requirements, as needed.
“We do not store any credit card numbers or bank account details in the StreamOne marketplace. Importantly, no credentials necessary for logging into StreamOne or other Tech Data customer accounts were included on the server. While our investigation continues, we can advise that the server data may have included a combination of business data such as information found on a business card and certain other information, such as one-time-use credentials to activate a specific cloud service, and date and time of service activations.
“Tech Data takes the protection of our customers’, partners’ and employees’ data very seriously. As always, our focus is on maintaining data security and confidentiality.”
In an email to Mobile News, Tech Data UK and Ireland marketing director Linda Patterson wrote: “Our investigation is ongoing and we are reviewing all data that could have been impacted.”