• About
  • Advertise
  • Careers
  • Contact
Monday, March 20, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Data Breach

Unsecured storage bucket exposes applications for birth certificate copies

by Cyber360 News
December 11, 2019
in Data Breach
0
Unsecured storage bucket exposes applications for birth certificate copies
0
SHARES
2
VIEWS
Share on FacebookShare on Twitter

A leaky Amazon Web Services storage bucket has exposed more than 752,000 applications requesting copies of birth certificates.

A report yesterday by TechCrunch said the unsecured data set dates back to late 2017, but was just recently discovered by U.K.-based penetration testing company Fidus Information Security. The data is managed by a company that helps individuals obtain birth and death certificate copies from U.S. state government authorities. The company has not yet been identified.

Applications included such information as names, birth dates, current and past home addresses, email addresses, phone numbers, family member names and reasons for requesting the application. Over 90,000 death certificates were reportedly stored on the bucket as well, but those weren’t accessible.

James Carder, CSO and vicepresident of LogRhythm Labs, said in emailed comments that this particular data leak is “extremely damaging on many fronts, even when compared to previous breaches involving misconfigured cloud storage buckets.”

“First and foremost, there is a damage in trust as it relates to the states’ and governments’ ability to protect your information,” Carder continued. Additionally, “it also exposed very sensitive personally identifiable information… Some of this information can be easily changed, but some of it can never be changed. And combined, it totals about one third of what’s needed to have unfettered access to people’s identities. The only other details needed are a driver’s license or passport and Social Security number, and many people have already had this information compromised in other breaches – including the Equifax and Marriot breaches.”

TechCrunch reports that both its own stuff and Fidus attempted to reach the company that manages the data set, but they received only automated responses and no corrective action was taken.

“Examples such as this show just how important it is for consumers to know precisely which companies are part of the software supply chain delivering any given service to them. That repeated contacts went unanswered is a clue that the company delivering this service likely is being operated using a high degree of automation and with a limited understanding of how valuable the data they interact with might be,” said Tim Mackey, principal security strategy at Synopsys’ Cybersecurity Research Center (CyRC). “Properly securing any data store is 101-level work, but we consistently see companies omitting this critical task from their ‘go-live’ checklist.”

“Service providers and processors need to wake up to the reality that data needs to be protected in a data-centric fashion to eliminate the risks of having a lapse or lack of due diligence,” added Warren Poschman, senior solutions architect at comforte AG. “Adopting a data-centric protection model ensures that data is protected anywhere it is stored, moved, shared or used and is the only true firebreak that can quench identity theft.”

Cyber360 News

Cyber360 News

Next Post
Hackers Can Tweak Intel CPU Voltage To Steal Cryptocurrency

Hackers Can Tweak Intel CPU Voltage To Steal Cryptocurrency

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In