- Some customer data was left in an insecure state that could have allowed anyone with read level access to view the data.
Why it happened?
- The statement said it had not been determined exactly how it happened but that a security policy on a subset of data in an internal database was removed which could have allowed the data to be accessed by users without the proper clearance.
- The data had been copied from their production servers to allow queries to more efficiently be run against it while not affecting customer interactions with the Wyze systems.
What is the company doing about it?
- They issued a very long statement detailing what they thought had happened and according to the statement are reviewing their internal security controls and ensuring that all employees are trained in how to properly implement and maintain them.
- I was impressed at the depth of the detail they went into with the statement. It shows that customer experience and customer privacy are important to them.
- This is a perfect segway into one of my previous episodes where I talked about how publicly traded companies have to comply with the Sarbanes-Oxley act regarding internal controls. This does not apply to Wyze Labs since it is a privately held company according to CrunchBase.
- Please go back and review Episode #12 – Ball and Chain of Custody.