Forgotten or unprotected databases are responsible for more data breaches than most businesses would like to admit, says security firm Imperva.
A classic example is the data breach announced on 13 April by Australian software firm Atlassian, said Amichai Shulman, chief technology officer at Imperva.
The company said the breach potentially exposed passwords for customers who purchased Atlassian products before July 2008.
Atlassian said it had migrated its customer database in July 2008 and encrypted passwords, but the old database table was not taken offline or deleted.
"It is this database table that we believe could have been exposed during the breach," said Atlassian chief executive Mike Cannon-Brookes in a blog post.
The database contained sensitive information, but once it was not used as a production system it was forgotten, said Shulman.
"Unmanaged systems put sensitive data residing on them at a high risk - unmanaged systems are the top targeted systems," he said.
To protect sensitive data, it is imperative that organisations scan their networks to discover all databases and ensure they are managed and under control, said Shulman.
Failure to protect information can cost UK companies dearly with the Information Commissioner's Office able to impose fines of up to £500,000 for data breaches since 6 April 2010.