An online company used a cloud services platform to store more than 752,000 U.S. birth certificate applications, and the applicants’ personal information was unprotected and exposed!
The online application process allowed customers to apply to their state’s record-keeping authority, which is the department of health for most states, to obtain a copy of their historical records.
The exposed data went as far as late-2017, and it included personal information – an applicant’s name, date of birth, current and past home addresses, email addresses, phone numbers, family member names, the reason for application, including reasons of applying for a passport or researching family history.
The online company used Amazon Web Services (AWS), which is cloud services platform offering governments, companies, and individuals database storage, content delivery, and on-demand computing power, that is securable. Then how was the data exposed? The online company simply did not secure it with a password! This error allowed anyone the ability to access the data so long as they knew the web address, which was very easy to guess.
This exposure was discovered by a penetration detection company. As the online company did not respond to the penetration company, the penetration testing company reached out to AWS and the local data protection authority to provide warning of the exposed data. Amazon Web Services did not intervene in implementing security measures capable on their cloud platform, but informed the online company that their information was not secured.
What can you do to make sure your client or customer information remains confidential?
· Hire a penetration testing company
A penetration testing company can ensure and reassure a company that information that should be protected is actually protected! It can test and pinpoint any exposed personal and confidential information. When exposed data is identified, a penetration testing company can help implement an immediate action plan to protect the sensitive data, before an attacker reaches it and compromises valuable information and company trust.
Contact LIFARS Today For
Penetration Testing Services
Credits:
https://techcrunch.com/2019/12/09/birth-certificate-applications-exposed/
