Thousands of readers of one of the UK's largest financial news sites may have been victimized by the disclosure of their personal details following a major IT breach. Details of 330,000 finance enthusiasts may have been revealed after the Investment Week website failed to securely protect user information. The information, apparently stored in unsecured records, included sensitive personal information such as full names, email addresses, and other subscription-related details, including business addresses, which, given the subject of the publication, could include some of the largest British companies.
violation
The database also included unencrypted user passwords that could have been cracked if subjected to a brute force attack. The breach was discovered on April 4, but additional information was uncovered this week in a Reddit thread discovered by anonymous security researchers. Incisive Media, the publisher of Investment Week, issued a statement on April 29 in which he stated that he was "sorry" for informing readers of a "potential security breach." that could have resulted in the unauthorized disclosure of your login information on our websites." "Incisive Media takes security and data protection very seriously," the company added, noting that it had informed the Information Commissioner's Office of the breach However, the investigators who discovered the threats did not immediately hear from Incisive, meaning that it may have breached the 72-hour disclosure window required by the GDPR.