CYBER BREACH: UK marriage tax relief specialist Exposes Customers’ Personal Information
By Bethany Carl -

A UK-based company specializing in recovering marriage tax allowance funds for UK clients has suffered a damaging data leak that could have led to the potential dissemination of all its clients’ personal information. It is important to note, however, that it is impossible for us to say whether the specific server vulnerability that led to the leak, actually led to sensitive information falling into the hands of nefarious users.

As part of conducting routine server scans for potential vulnerabilities, the Website Planet team discovered that Marriage Tax Allowance Ltd misconfigured its WordPress content management system (CMS), thereby leaving the directory listing enabled for public view. This allowed anyone to browse the entire list of files stored on the website. More specifically, letters to customers, containing customer information, were written to the same directories

The vulnerability meant that anyone attempting to access the company’s directory listing could have done so without encountering basic security measures such as password protection. Accessing the correct URL allowed users to access the full pipedrive database. Read Full Story