Florida-based credit firm left 111GB of sensitive customer data exposed on AWS server
A Florida-based credit repair company left 111 gigabytes of extremely sensitive customer information and internal company data publicly accessible on the internet possibly for up to two years. The National Credit Federation publicly exposed 47,000 files that included customer names, addresses, dates of birth, driver’s licenses, Social Security cards, credit reports, financial histories, credit card numbers and bank account numbers, according to Chris Vickery, a researcher at the cybersecurity firm UpGuard. File upload dates suggest the public exposure extends back to June 2015. Vickery discovered the data after finding an Amazon Web Services S3 cloud storage bucket used by the company was configured for public access. NCF’s exposure is the latest in a string of organizations leaving sensitive data accessible by the public via an S3 instance. There have been similar incidents impacting the National Security Agency, Department of Defense, Viacom and Verizon, all of which have been discovered by Vickery “This wasn’t secure whatsoever,” Vickery said of […]
The post Florida-based credit firm left 111GB of sensitive customer data exposed on AWS server appeared first on Cyberscoop.