Supply chain
β Supply Chain
CallX Customers (possibly Lendingtree, Liberty Mutual Insurance and Vivint among the clients) Third-Party Breach (April 2021)
Primary Source βIncident Details
US Telemarketing Biz Exposes 114,000 in Cloud Config Error. Call recordings of clients and customers on unsecured bucket. A US telemarketing company has leaked the personal details of potentially tens of thousands of consumers after misconfiguring a cloud storage bucket, Infosecurity can reveal. Third-party company: CallX.
Technical Details
- Initial Attack Vector
- Compromise of third-party service provider / vendor relationship
- Vendor / Product
- CallX
- Supply Chain Attack
- β Confirmed third-party / vendor compromise
Timeline
- 2021-04-01 Breach occurred
- 2021-03-03 Publicly disclosed