It's being reported that the data breach at the Panama law firm Mossack Fonseca was due to the use of outdated, unpatched software, namely the WordPress and Drupal content management systems.
This is yet another breach that shows the devastation stolen data can cause - far beyond monetary value. Law firms such as Mossack Fonseca may not understand the ramifications of leaving software unpatched and out of date, which effectively leaves the doors open to hackers.
According to statistics from our website security solution FGX-Web, up to 85% of WordPress and Magento websites run out-of-date software.
Let this be a lesson to us all: patch, patch, PATCH! The majority of breaches investigated by Foregenix have resulted from out-of-date, unpatched software, where well-documented vulnerabilities have been exploited.
Mossack Fonseca has two main websites: its front-facing website, which runs on WordPress; and a customer portal for sharing sensitive information with customers, which runs Drupal. Both of those sites were running outdated versions of the software and in both cases significant security holes existed that would have allowed hackers access.