Subject: Possible PocketiNet Data Leak
A PocketiNet archived directory, known as an Amazon S3 container or bucket in Amazon’s cloud, was unintentionally left unsecured. The container labeled “tech” contained mostly historical documentation pertaining to the PocketiNet core network information including pictures of tower sites, network diagrams, documentation files, software and some expired network passwords stored in a personal ex-employee file (not our standard practice). Most of this archived information was not current and out of date. While the files were unsecured there is no indication that any of these files were accessed by anyone other than an outside security firm who notified us the container was visible. It is our belief that this “security firm” used this to advance their own agenda and published an article without our consent. PocketiNet staff worked to secure the container. It is now secure. Please note. This was NOT our customer billing/CRM system where customer records are stored. Those have been and are secure.
What are we doing to rectify and avoid similar future situations?
PocketiNet views this incident as a warning shot that will not cause any harm to our customers. We are taking this situation very seriously and have dedicated our management team’s efforts to a full review of our network security policies and procedures.
PocketiNet policy has been updated requiring employees, on a companywide basis, to maintain security and observe best practices when handling corporate and/or customer data. To that end we are updating our cybersecurity policies and procedures to ensure that such exposure does not reoccur.
Question: How am I affected in this situation? At this time there is no indication in our research that any customer information was accessed. As stated most of the information contained network documentation on our network topology including sites, switches, and routers. Even with such information it is not particularly useful and doesn’t identify individual customers. Each customer has their own router that provides a firewall between their internal network and the Internet.
Question: Should I be concerned about my Internet connection or service? Whenever you do a transaction on the internet it should be on a HTTPS site with current credentials. This is a secure encryption between your computer or device and the destination server on the other end. There is no way to monitor such details as PocketiNet does not store or sell any customer data. Your transactions are secure. It is a good practice to update your individual account passwords at least quarterly and perhaps monthly for banking institutions.
Question: I am still confused about the process, who should I talk to? If you have any concerns or future questions you may call PocketiNet at 509-526-5026 and ask for Marshall Keymer. Our focus at this point is to make you, our customer, comfortable with the actions taken and answer any questions you may have.
Thank you for your understanding regarding this unfortunate situation. Your business and your trust are of the utmost importance to us. We are sorry to have allowed this situation to occur. We can assure you, our entire team is working with the utmost diligence to avoid anything like this happening in the future.