Another Amazon Web Services S3 cloud storage bucket has once again been left misconfigured and left exposed on the internet where anyone with a connection could have accessed the critical information.
This time it is estimated that over 123 million Americans across billions of data points have been affected.
The cloud based data source was discovered by the UpGuard Cyber Risk Team and contained data from Alteryx, a US data analytics firm. Also exposed was data from Alteryx partners Experian, a credit consumer reporting agency who is also a competitor with Equifax and the US Census Bureau.
The sensitive information said to have been stored within the AWS included home addresses, contact information, mortgage ownership, financial histories as well as American consumer analytics regarding purchasing behavior. Sadly, the breach is just another example of the risks posed by third-party vendors who have access to vital data.
Amazon S3 repository breaches are well documented with the outcome often leaving millions exposed and can lead to further attacks from criminals who act in a predatory fashion, committing identity fraud on the victims of the data breach.
Thankfully, with the European General Data Protection Regulation, which is being implemented in May 2018, organizations will be obligated to protect the information of their customers and must adhere to strict data security requirements to become compliant to the legislation. The guidelines are clear with any company found showing carelessness will be issued with steep fines.
Whenever critical data is stored, the protection of that information cannot be an afterthought. Defense measures have to be in place to reduce the threat of an attack of a breach or leak and if organizations had any uncertainties with the security currently in place then using an effective encryption-based solution removes all doubt. This will also help ensure the company is compliant with data protection laws and legislations.