Lauding themselves as a premier provider of secure email provider for small business, enterprise, educational and government institutions worldwide, Securence found themselves roiled in controversy as their claims regarding their email services backfired. Securence, the business-unit arm of the Minnetonka, MN, based Internet Service Provider, U.S. Internet Corp, “specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide.” This blog post comes from KrebsonSecurity, where the debacle in Minnetonka was covered.
Securence inadvertently exposed over a decade’s worth of internal emails from both their organization and thousands of clients. Discovered by cybersecurity firm Hold Security, a public link to an email server listed over 6,500 domain names, including sensitive communications from businesses, educational institutions, and government agencies worldwide. The worst for Securence, though, was the internal messages from U.S. Internet and USI Wireless customers, their parent companies customers’ personal emails, were exposed in the breach, all in clear text. These files were simply sitting on the Securence web server, accessible via their website, clicks away from anyone in the world with an internet connection and web browser. Upon learning of the incident, exposed inboxes were promptly removed but U.S Internet Corp provided little clarity on the extent or duration of the exposure and left their customers wondering just how badly their privacy was invaded. Even still, and despite the breach’s magnitude, U.S. Internet has yet to disclose the incident on its website or offer a comprehensive explanation.
Clearly, the brazen breach raises significant concerns about Securence’s ability to safeguard sensitive data and calls into question its suitability as an email service provider. KrebsOnSecurity points out that the lack of accountability and transparency of the compant as a whole only servces to exacerbate the severity of the situation. While the proper response from authorities and regulators remains unclear, it is evident that U.S. Internet must undergo substantial reforms to regain trust and ensure the security of its clients’ data.
Leave a Reply