e360 Blog

What Baltimore’s 311 Data Breach Tells Us About Cybersecurity and Public Safety

Written by Brad Bussie | Jul 19, 2024 3:28:43 AM

This article is taken from Episode 26 of the State of Enterprise IT Security podcast.

Watch the Clip:

 

Recently, an important cybersecurity incident came to light. A cyber research team uncovered a massive data breach involving Baltimore City's 311 services. They discovered a publicly accessible database that was completely unsecured, lacking proper security measures. This wasn't a minor leak – it involved 13.5 million reports dating back to 1989.

What Was Exposed?

The exposed data included names, email addresses, and phone numbers of Baltimore residents who had used the 311 service. The breach went even further, revealing details about traffic accidents, housing complaints, road issues, and even reports of illegal activities. While some of this information is typically made public by the city, the level of detail and personal information in this breach far exceeded what should ever be shared.

The Real Danger

The most alarming aspect of this situation is the potential threat to public safety. Baltimore has one of the highest homicide rates in the country. Some residents used the 311 service to report criminal activities, believing their identities would remain confidential. The thought of these individuals having their personal details exposed is not just a privacy concern – it's a serious safety issue that could put lives at risk.

What Needs to Change

This incident serves as a stark reminder of the need for better protection of digital infrastructure, especially for public services. Several key areas need immediate attention:

  • Strengthen security measures: All public-facing databases must have robust authentication and authorization protocols. There can be no weak links.
  • Implement regular security audits: A set-it-and-forget-it approach is dangerous. Regular audits and vulnerability assessments are essential.
  • Practice data minimization: Storing less sensitive information reduces the potential impact of a breach.
  • Increase public transparency: Citizens need to be informed about what data is being collected and how it's protected. Transparency is key to building and maintaining public trust.

The Bottom Line

The Baltimore 311 data breach is more than just a technological mishap – it's a threat to public safety. These incidents must be treated as urgent wake-up calls, prompting immediate action to protect the individuals who trust public services with their information. It's not merely about compliance with regulations; it's about safeguarding communities and protecting people.