Serviceteam IT Security News

A variety of sensitive information has been there for the taking due to an unsecured cloud storage container

Over 752,000 birth certificate applications have been exposed online by an unnamed company that enables people to obtain copies of their birth and death records from state governments in the United States, TechCrunch reports. Needless to say, the exposed cache of documents includes a variety of personal information.

The leak was reported by Fidus Information Security, a company specializing in penetration testing. The applications were found on the Amazon Web Services (AWS) cloud computing platform, sitting out in the open with no password protection whatsoever. This means anyone who could guess the relatively simple web address, including bad actors, could access the records.

Although the application process varies from state to state, the ultimate goal is the same – to allow people to acquire a copy of their records. These records include sensitive personal information such as the name, date of birth, current home address, email and phone number. On top of that, the applications also include the names of family members, historical information such as past addresses, or the reason behind applying for the documents.

The affected cache included applications dating all the way back to 2017. The company that runs the service added approximately 9,000 applications to the repository in a single week. The authenticity of the data was verified by TechCrunch by comparing them against public records.

As shocking as this leak may look at first glance, it is not an isolated case. Over a 12-month span  between June 2018 and May 2019, a total of 2.3 billion files were discovered exposed online due to misconfigured or non-secured file storage and sharing technologies. Organizations’ Amazon S3 buckets accounted for 8 percent of the total exposure. On the other hand, AWS rolled out the ‘Block Public Access’ feature last year, which has mitigated the problem. But it has not stopped the problem entirely.

Data leaks from misconfigured public-facing file repositories may result in identity theft and fraud. Although this concrete case occurred in the United States, it’s worth noting that these kinds of security lapses may lead to stiff penalties under the European Union’s General Data Protection Regulation (GDPR).

Source: HERE

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!