DJI’s certified letter to notify customers of data breach

Over the Holidays, people started to report on social media and in forums that they had received certfied letters in the mail from DJI.  The letter, titled “NOTICE OF DATA BREACH“, warns DJI’s customers that their personal information, such as full name, address, date of birth, photo, and identification number (e.g., passport number or driver’s license number) as well as scanned photo identification such as ID cards and passports, stored on a server in the U.S., may have been accessible to unauthorized users.

Continue Reading

DJI fires software developers involved in data security breach and responds publicly to Bug Bounty case

In a public statement addressing the Bug Bounty case with Kevin Finisterre, DJI also informs us that they’ve fired the software developers, who were involved in the cyber-security breach of the DJI customer data stored on the AWS servers.

DJI does not shy away from making public statements to set the record straight or at least to provide their side of the story. They have done so in the case of the attack on DJI’s Aeroscope. DJI also responded when a drone struck an airplane in Quebec. And now after Kevin Finisterre publicly posted his reasons for walking away from the top bounty of $30k of DJI’s Bug Bounty Program, DJI releases their public statement, in which they point out the actions they have been taking to remedy the issues. One of which was the firing of the software developers who were responsible for data security.

Continue Reading