Nuvem Legal Notice: Protected Whistleblower Disclosure
Nuvem Legal Notice: Protected Whistleblower Disclosure
10/24/23, 10:40 PM Gmail - RE: Madeira Access/Environment and Plan Review
A R <rojas.albert@gmail.com>
RE: Madeira Access/Environment and Plan Review
Albert Rojas <arojas@nuvem.com> To: Luigi Squillante <Luigi@nuvem.com>
Cc: "rojas.albert@gmail.com" <rojas.albert@gmail.com>
Thu, Oct 19, 2023 at 11:11 AM
What's premature? They have a sysadmin prerequisite, a "master key" to everything including our pii data as you know.
I would not be doing my job for you if after altering the team Tuesday with the "master key" prerequisite and nobody
responding.
Thank you for acting today after my alert with you. I just saw the email from David attached IMG_0051.jpeg
Get Outlook for iOS
Albert Rojas
Cloud Data Administrator
(Formerly 340Basics)
888-356-6225
From: Luigi Squillante <Luigi@nuvem.com>
Sent: Thursday, October 19, 2023 10:52 AM
To: Albert Rojas <arojas@nuvem.com>
Cc: rojas.albert@gmail.com <rojas.albert@gmail.com>
Subject: RE: Madeira Access/Environment and Plan Review
We did not give them access to anything yet so though I understand your thoughts they are premature
Luigi Squillante
VP, Research & Development
516-962-4665
(Formerly 340Basics)
888-356-6225
From: Albert Rojas <arojas@nuvem.com>
Sent: Thursday, October 19, 2023 10:50 AM
To: Luigi Squillante <Luigi@nuvem.com>
Subject: Re: Madeira Access/Environment and Plan Review
That's exactly how a breach happens, 3rd parties having access to all of it granted by the owner.
https://mail.google.com/mail/u/0/?ik=2da7c112d1&view=pt&search=all&permmsgid=msg-f:1780197166122925303&dsqt=1&simpl=msg-f:1780197166122925303 1/310/24/23, 10:40 PM Gmail - RE: Madeira Access/Environment and Plan Review
This is exactly how TIAA Bank was breached earlier this year, a third party working for TIAA and TIAA
granting them admin access to load into their ERP (in addition to without any SSO provisioning):
https://www.google.com/search?q=TIAA+bank+breach
Get Outlook for iOS
Albert Rojas
Cloud Data Administrator
(Formerly 340Basics)
888-356-6225
From: Luigi Squillante <Luigi@nuvem.com>
Sent: Thursday, October 19, 2023 10:02 AM
To: Albert Rojas <arojas@nuvem.com>
Cc: rojas.albert@gmail.com <rojas.albert@gmail.com>
Subject: RE: Madeira Access/Environment and Plan Review
It is not your place to submit breach information especially since they are working for us it is not a breach.
Luigi Squillante
VP, Research & Development
516-962-4665
(Formerly 340Basics)
888-356-6225
From: Albert Rojas <arojas@nuvem.com>
Sent: Thursday, October 19, 2023 9:56 AM
To: Luigi Squillante <Luigi@nuvem.com>
Cc: Albert Rojas <arojas@nuvem.com>; rojas.albert@gmail.com
Subject: RE: Madeira Access/Environment and Plan Review
I know its my 4th day, but please we cannot provision f., a sysadmin account for Maderia access to our
servers. We can workaround this so that Maderia can still get system stats without having a master key to
our server and pii data as you know.
I submitted a breach notice with hhs.gov so that we protect Nuvem.
I’m on my way to the office as I have been taking the 7:15am DB calls which I am going to stop taking so I
can be at the office before 10am as requested. Hopefully 9:30am as long as the S1 buses are running. The
LIRR train is perfect.
Respecfully,
Al Rojas
Albert Rojas
Cloud Data Administrator
Gmail - RE: Madeira Access/Environment and Plan Review
(Formerly 340Basics)
888-356-6225
-----Original Appointment-----
From: David Frattaroli <dfrattaroli@nuvem.com>
Sent: Wednesday, October 18, 2023 12:42 PM
To: David Frattaroli; David Frattaroli; Eitan Blumin; Ben Hazan; Steven Zanone; Michael Larke; Joel
Ignatovich
Cc: Shai Fiss; Luigi Squillante; Albert Rojas
Subject: Madeira Access/Environment and Plan Review
When: Thursday, October 19, 2023 1:00 PM-1:30 PM (UTC-05:00) Eastern Time (US & Canada).
Where: Microsoft Teams Meeting
All, I apologize for the back and forth. This will be the last time change.
Agenda:
Address requirements in attached PDF.
Establish ETAs for access/environment, installation of SQL Sentry, Analysis, etc.
________________________________________________________________________________
Microsoft Teams meeting
Join on your computer, mobile app or room device
Click here to join the meeting
Meeting ID: 252 359 963 437
Passcode: XTipbm
Download Teams | Join on the web
Learn More | Meeting options
________________________________________________________________________________
2 attachments
IMG_0051.jpeg
261K
nuvem-finalregisted-highres-smallsize_3668769a-5169-48e8-a72b-
a94fa97a34e0.png
36K
Formal Whistleblower Disclosure filed under 18 U.S.C. § 1833(b). No classified, sealed, or proprietary materials are included.