IT Security News & Blog

WeTransfer Sent Customer's Files to Incorrect Recipients

Posted: 24 June 2019

Today we heard some news which had passed relatively quietly through the usual media outlets, despite it being highly embarrassing for the cloud-based managed file transfer vendor WeTransfer.

On the 21st of June 2019, WeTransfer started to send security incident email warnings to their customers. Letting them know that between the 16th and 17th of the same month, some files sent by users of the system had their files sent to the wrong recipient.

Not only does this constitute a violation of the GDPR, depending on the content of the files; but is highly embarrassing for WeTransfer as they acknowledge that they have no idea as to how this has happened.

WeTransfer Email MFT Mistake

As a result of this problem, WeTransfer decided to log some user accounts out and initiate a reset password process. This is a curious approach to the issue they have suffered, with some commentators and websites pointing out that this could be a sign of something more sinister, such as a network breach.

However, it is important to point out that at this stage we do not have any information to confirm this.

For more information about this security incident and how it develops, please refer to WeTransfer's security notice on their website.

 

How Ipswitch MOVEit Can Help

While WeTransfer's customers would undoubtedly be surprised and upset by this development, some may find their views on using cloud software for the transfer of sensitive data too risky, now justified.

Ipswitch MOVEit Transfer is a well-known and respected managed file transfer solution which is available in three architectural flavours: cloud, Microsoft Azure and crucially, an on-premise self-hosted software option.

Comparable to the process of sending a file in WeTransfer, MOVEit Transfer can mimic the action of sending an email with an attachment but securing the attachment using encryption, and therefore protecting its content from unauthorised access.

Ipswitch MOVEit Transfer is not capable of sending sensitive content to unknown recipients through cross-contamination, for the simple reason that it is not a shared environment, as WeTransfer is.

If you would like to learn more about MOVEit Transfer and how it can help with your need to transfer sensitive files and messages, you can book a meeting with one of our solution specialists.

 

Systematic Case Study for Ipswitch MOVEit

Topics: Managed File Transfer, Data Security, Sensitive Documents, Email Security

Chris Payne

Written by Chris Payne

Managing Director - Advanced Cyber Solutions