image credit: Wikimedia Commons

LenovoEMC Storage Gear Leaks Sensitive Financial Data

July 17, 2019

Researchers are warning of a vulnerability in LenovoEMC storage hardware and legacy Iomega-branded network attached storage (NAS) appliances that could lead to a breach of data stored on the devices. The bug, disclosed Tuesday by Lenovo, is rated high-severity and can be triggered via specially crafted requests made to the hardware’s application programming interface.

The vulnerability was discovered by researchers who stumbled on 36 terabytes of data, which included sensitive financial information such as payment-card numbers and financial records.

“In the fall of 2018, during a search on, software designed to monitor network security, a Vertical Structure employee discovered a pattern of unmarked files that looked out of place,” wrote researchers who reported the bug, in a blog about their research Tuesday.

Read More on Threat Post