A prominent insurance provider in the Middle East and North Africa, inadvertently exposed sensitive client data through a misconfigured Azure Blob storage.
The breach, which was detected in September 2024, involved the exposure of approximately 22,000 files containing personal and financial information of clients across several countries, including Qatar, Kuwait, Egypt, Saudi Arabia, Jordan, and the United Arab Emirates.
Delayed Response and Resolution
The incident came to light when a security researcher discovered the misconfigured Azure Blob storage.
Despite notifying Libano-Suisse on September 8th, the company did not respond or secure the exposed data promptly.
The researcher sent multiple follow-up emails on September 19th and September 21st without receiving any acknowledgment or action from the company.
Given the lack of response from Libano-Suisse, the researcher escalated the matter by contacting the Qatar Financial Centre (QFC), which advised reaching out to the Qatar National Cyber Security Agency.
It was only after this intervention on October 7th that the Azure Blob was finally secured by October 8th.
Despite the researcher’s efforts to protect sensitive data, Libano-Suisse did not extend any gratitude or acknowledgment for their assistance.
Details of the Data Breach
The exposed data included a variety of sensitive documents such as policies, residence permits, and debit notes.
Personal information such as client names, passport numbers, policy numbers, coverage areas, dates of birth, insurance plans, and insurance periods were accessible due to the misconfiguration.
This breach highlights vulnerabilities in cloud storage management and underscores the importance of robust security protocols.
Libano-Suisse’s role as a major shareholder in GlobeMed further amplifies concerns about potential impacts on healthcare benefits management across its operations in 12 countries.
The incident raises questions about data governance practices within Libano-Suisse and similar organizations operating extensive cloud-based services.
Companies must regularly audit their cloud configurations and ensure compliance with best practices to prevent unauthorized access to sensitive information.
The Libano-Suisse incident underscores how delays in addressing security vulnerabilities can exacerbate risks and expose organizations to potential legal and reputational damage.
Also Read:
%20(1)%20(1).webp?w=1200&resize=1200,0&ssl=1&description=A prominent insurance provider, inadvertently exposed sensitive client data through a misconfigured Azure Blob storage.){kind=link}