Industry News

Unsecured AWS bucket exposes personal data of 750,000 U.S. residents

Organizations handling highly sensitive data belonging to U.S. residents are not doing enough to protect their customers’ personal information, as a recent discovery illustrates.

A group of pen testers have found more than a quarter of a million applications for copies of birth certificates on an Amazon Web Services (AWS) storage bucket left wide open to anyone who guesses the URL. TechCrunch verified the data by matching it against public records. The bucket was not protected with a password, which led to the discovery by the UK-based penetration testing firm.

More than 720,000 applications for copies of birth certificates were exposed, alongside 90,400 death certificate applications. The records of the deceased could not be accessed or downloaded. However, the same could not be said of the birth certificate applications, which, TechCrunch says, exposed “the applicant’s name, date-of-birth, current home address, email address, phone number and historical personal information, including past addresses, names of family members and the reason for the application — such as applying for a passport or researching family history.”

At press time, the unnamed company that leaked the data had not responded to inquiries. The local data protection authority has also been informed, but is apparently taking its time responding to the incident.

Security lapses involving exposed AWS buckets are a leading cause of identity theft and fraud in the United States. Crafty cyber crooks buy this granular personal data on the dark web and use it to weave together fraud and phishing campaigns, SMS scams, and even extortion schemes.

About the author

Filip TRUTA

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.

Add Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.