Earth-i risk score

Section 1: Company Overview
Earth-i is a commercial Earth-observation and geospatial analytics company that collects, processes, and delivers satellite imagery and derived intelligence to government, commercial, and research clients. As a mid-sized technology firm with global customers, Earth-i handles high-volume, high-sensitivity datasets — including imagery tied to locations, timestamps, and often customer-identifiable metadata. The company’s services span real-time monitoring, analytics-as-a-service, and bespoke data products; this operational profile makes data confidentiality, integrity, and availability central to its risk posture and regulatory compliance obligations.

Section 2: Historical Data Breaches
The supplied background indicates Earth-i has experienced multiple notable data-handling failures. An early third-party access issue resulted in unauthorized retrieval of several thousand consumer records via a vendor credential in the mid-2000s; after investigation the exposure count was refined downward but it demonstrated weak third-party access controls. A separate incident in 2019 involved an attorney’s transmission of an unprotected 1.4 GB bundle of client files during litigation, exposing names, identifiers, and commercial-sensitive portfolio information; that disclosure highlighted lapses in secure legal workflows and document handling. More recently, in June 2023, Earth-i reported an internal data leak when an employee routed confidential customer information to a personal account; approximately 10,000 customer records were affected. The company’s responses have included notification of affected parties, termination of the responsible employee, and incremental policy updates, but the recurrence of differing failure modes (third-party access, accidental legal disclosure, and insider mishandling) points to systemic weaknesses rather than isolated human error.

Section 3: Recent Security Breach
The June 2023 incident appears to be the most consequential recent event. It was not the result of an external compromise but an internal control failure: an employee sent customer data to a personal mailbox, bypassing safeguards. Earth-i’s immediate actions included account monitoring for impacted customers, termination of the staff member involved, and policy revisions. While those are appropriate first responses, the event underscores gaps in data loss prevention (DLP), user activity monitoring, and least-privilege enforcement. The incident also emphasizes the economic and reputational impact of insider-originated breaches for a data-intensive provider like Earth-i.

Section 4: Evaluation of Digital Security
An independent assessment summarized a mixed and concerning security posture. Key technical findings include roughly 1,000 deficiencies related to phishing and malware resistance, which suggests insufficient end-user protections and endpoint hygiene. Network scanning identified one potentially exploitable control weakness, and website analysis flagged 1,866 issues — the vast majority tied to SSL/TLS configuration weaknesses (approximately 1,865 instances), indicating risks to data-in-transit. Identity and credential management weaknesses appear material: 15% of employees were using previously breached passwords and an inventory found over 16,000 corporate credentials exposed in external sources. Aggregated, these issues produced an overall security score in the low 70s out of 100, below recommended benchmarks for firms handling sensitive geospatial and customer data.

Independent expert commentary in the evaluation stressed three recurring themes: (1) technical misconfigurations (particularly TLS/SSL) that make external services and web interfaces vulnerable; (2) inadequate credential hygiene and insufficient multi-factor authentication coverage; and (3) human-factor exposure — both phishing susceptibility and insider risk. The combination of high counts of web and SSL issues, widespread credential exposure, and thousands of phishing/malware vulnerabilities creates a compounding attack surface where an initial compromise could enable data exfiltration at scale.

Conclusion: Is Earth-i Safe?
Earth-i is not currently at an acceptable security posture for a provider of sensitive geospatial data. Historical incidents (third-party access, accidental legal disclosure, and an insider leak) plus a subpar security score (≈71/100), pervasive SSL misconfigurations, large-scale credential exposure, and significant phishing/malware vulnerabilities together indicate elevated risk of future breaches. Immediate priorities: deploy organization-wide DLP and endpoint detection, remediate SSL/TLS and web-application issues, enforce MFA and rotate compromised credentials, and conduct targeted staff training and privileged-access reviews. Addressing these areas will materially reduce financial, reputational, and privacy exposure and help Earth-i meet sector expectations for data protection.