In February 2018, security researchers found over 100,000 documents containing highly personal information and including passports, driving licences and security IDs completely accessible to the public in an unsecured Amazon S3 bucket. Like far too many other breaches involving unsecured cloud buckets, the attackers were not even asked for a password to gain access to the sensitive data.
The company said there was no indication the data had been misappropriated.
The problem seemed to stem from a third party company called Bongo International LLC, which was shut down in 2017. Security researcher Bob Diachenko said: “Technically, anybody who used Bongo International services back in 2009-2012 is at risk of having his or her documents scanned and available for many years”.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions