Another day, another breach. Another day, another breach. This morning while sipping on my coffee I read about a security breach that the Metropolitan Companies Inc. suffered recently. The MetropolitanCompanies is a conglomerate of companies that provide services ranging from temporary worker placement to interpreter and translation services.On April 21, 2014 they detected a breach of their systems by a third party. It appears that this third party, whomever they may be, snuck in through a backdoor and removed documents from the system. Once the company detected the breach they disabled access to the system and called in a forensics team to ascertain the extent of the breach.After some poking and prodding it was determined that the intruders had access to personally identifiable information such as name, address, phone, email, SSN, date of birth and so on, and so on. Basically enough data for an identity thief’s wet dream. No indication was given as to the duration of the breach beyond the date of discovery.So, what are Metropolitan doing about the situation? They’re sending out letters to affected customers and offering one year of free credit reporting. An interesting caveat is that they’re only providing monitoring for people over the age of 18 who have a Social Security Number and an address in the US. I’m figuring that they have no affected customers/clients outside of the United States. So, what else is taking place?From Metropolitan: We want to assure you that we have taken extensive measures to strengthen our IT security and prevent this type of event from happening again. This includes increasing firewall protections, enhancing threat detection and monitoring capabilities, and improving other data security measures.“Increasing firewall protections” sounds like there was an oops in their firewall configuration. Not to beat on them in this case but, more to point out that configuration errors such as firewall rules that are “any-any” show up far too often when a firewall admin is under the gun by a project that has “C-suite visibility” or simply just doesn’t care.When is the last time you conducted an audit of your firewall rule base?(Image used under CC from CJS*64) Related content news The end of the road By Dave Lewis May 30, 2017 3 mins Security news WannaCry...ransomware cyberattack as far as the eye can see By Dave Lewis May 15, 2017 4 mins Security news HITB Amsterdam: hackers, waffles and coffee oh my By Dave Lewis Apr 21, 2017 3 mins Security news Fail to patch and wait for the pain By Dave Lewis Apr 20, 2017 3 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe