2 min read

Flaw allowed man to access private information of other Brinks Home Security customers

Graham CLULEY

November 30, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Flaw allowed man to access private information of other Brinks Home Security customers

A Canadian man has revealed that the company he chose to provide security for his home was carelessly exposing the private information for other customers, even after he warned them about the problem.

When Edmonton-based Andrew Kopp had the Brinks Home Security system installed at his house he thought he was doing the right thing to protect his home and family, but - he discovered - he might actually have been unwittingly putting his personal information into the hands of online fraudsters and potential thieves.

Kopp was shockled to see that he was able to view the information of over a hundred other customers when he logged into his online Brinks Home Security account while trying to troubleshoot a problem with some door sensors.

Information Kopp could view about other customers included:

  • Names
  • Addresses
  • Emergency contacts
  • Cellphone numbers
  • Payment history
  • Details of the security systems protecting their homes

Kopp stumbled across the flaw in early 2022 and reported it to Brinks, and assumed that it would be quickly fixed.  However, as CBC reports, the problem was still present in April 2022.

Kopp reported the problem to Brinks again, and waited a few months before calling Brinks once more in early July 2022.

The problem had still not been fixed, and realising that his warning was not being taken seriously Kopp recorded his call with Brinks's customer service department:

"It's a huge customer information problem, which is why I need to speak to a manager."

Despite being promised he would receive a call from Brinks management, Kopp never received a call back, and he eventually enlisted the help of CBC's "Go Public" investigatory TV show to dig into the issue.

It was only when the media had got involved that Brinks owned up to its failure, claiming that "less than .01% of Brinks Home's total customer base had the ability to view the contact information of a small subset of other customers."

Brinks further said that "the nature of the data that was visible did not require a customer notification."

I'm not sure I can agree with that.  When it comes to something like my home's security I would want to partner with a business that was not only defending my home but that was also safeguarding my personal information.

And as for the failure for anyone at Brinks to contact Kopp about his discovery?  Brinks blamed that on their hired-in customer service rep:

"The third-party customer service representative who spoke with Mr. Kopp unfortunately did not follow the proper protocols and procedures required by Brinks Home when an escalation is requested by our customers. Once we received Mr. Kopp's direct email in September, the Brinks Home team moved quickly and addressed the issue within 24 hours with no impact to our service. We have since reinforced our protocols and trainings with the representative in question to ensure compliance with our escalation procedures."

Brinks says that no financial or banking information was visible as part of the incident, and that (as far as it knows) Kopp was "the only customer that accessed other customers' information."

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

More Than 12% of Analyzed Online Stores Expose Private Backups, Study Shows More Than 12% of Analyzed Online Stores Expose Private Backups, Study Shows
Vlad CONSTANTINESCU

February 08, 2023

1 min read
Police Hacked into Encrypted Messaging Platform ‘Exclu’ to Monitor Cybercriminals Police Hacked into Encrypted Messaging Platform ‘Exclu’ to Monitor Cybercriminals
Vlad CONSTANTINESCU

February 07, 2023

1 min read
Cyberattack Sends Florida Hospital Back to Pen and Paper; Emergency Patients Diverted Cyberattack Sends Florida Hospital Back to Pen and Paper; Emergency Patients Diverted
Filip TRUȚĂ

February 07, 2023

2 min read