Serviceteam IT Security News

A digital consultancy has accidentally leaked the personal details of thousands of US defense contractor employees after yet another misconfiguration of cloud infrastructure, it has emerged.

Washington DC-based IMGE accidentally exposed the names, phone numbers, home and email addresses of more than 6000 Boeing staff, according to The Daily Beast.

The trove featured government relations staff and senior executives, including one who apparently worked at the contractor’s advanced prototyping unit on highly sensitive technologies.

“This information was exposed as a result of human error by the website’s vendor,” a Boeing spokesperson told the news site. “Boeing takes cybersecurity and privacy seriously and we require our vendors to protect the data entrusted to them. We are closely monitoring the situation to ensure that the error is resolved quickly.”

The information itself is said to have been harvested by IMGE from a website called Watch US Fly, dedicated to “advancing and protecting American aerospace and manufacturing.”

That site requests that supporters leave their contact details for future campaigns and in order to direct their demands to fund Boeing projects to the right lawmakers, according to the report.

However, it is blocked in the UK so Infosecurity could not confirm these details.

It’s unclear how long the data was left exposed in the Amazon S3 bucket, although the Boeing employees were just a small fraction of the 50,000 individuals whose personal information was reportedly compromised by the snafu.

Chris DeRamus, CTO of DivvyCloud, explained that cloud misconfigurations like this are increasingly common as many users aren’t familiar with cloud security settings and best practices.

“It is especially concerning that the database contained information about 6,000 Boeing employees, many of whom are heavily involved with the US government and military, as the exposed data is more than enough information for cyber-criminals to launch highly targeted attacks against those impacted to gain more confidential government information,” he added.

“Companies who manage large amounts of sensitive data, especially data related to government and military personnel, need to be proactive in ensuring their data is protected with proper security controls. Companies must adopt robust security strategies that are appropriate and effective in the cloud at the same time they adopt cloud services – not weeks, months, or years later.”

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!