The distributed denial of service (DDoS) attack on law firm ACS Law that led to the leak of the personal details of thousands of illegal file-sharing suspects highlights a hidden security weakness in unstructured data, says security firm Imperva.
But in a hasty reconstruction of the law firm's website from a back-up location, archives containing the sensitive information were copied to publicly accessible locations in the reconstructed site, according to Amichai Shulman, chief technology officer at Imperva.
"They are now going through the stuff in those archives and are making public the 'interesting' data that they find, and the more time they have to review the files the more public stuff we should expect to find," said Shulman.
According to Shulman, organisations typically focus on protecting data in its structured format within databases or as it flows out of web applications, but tend to forget about the dissemination of sensitive data from structured repositories into unstructured formats such as Microsoft Office files.
It is time for organisations to get ready to fight on this new battleground of keeping close track of unstructured information repositories and controlling their flow around and outside their organisation, he said.