Over 752,000 applications for birth certificate copies were leaked,all because they were not protected with a password in an Amazon Web Services (AWS) storage bucket. Long story short, plenty of personal information was divulged. The certificates were warehoused by an unidentified business that allows US citizens to acquire copies of birth and death documents from state governments in the United States.
An Amazon storage bucket is a public cloud resource that enables users to store data objects, such as HTML websites, payment information, etc. Many companies are using them, but they don’t usually store personal information without a password. So far, no one has named the company in question because it has yet to respond to research team inquiries about the privacy glitch.
All applications for copies of birth certificates were found on an Amazon Web Services (AWS) storage bucket. The bucket also had 90,400 death certificate applications, but these could not be retrieved or transferred. The bucket wasn’t safeguarded with a password, so anyone who knew the website existed could log in to access the data.
Birth Certificate Application Site Details
The storage bucket was not password protected and therefore, anyone could access the data through the website. Even though the US state’s application procedure fluctuates, it allows Americans to submit an application to the state’s record-keeping agency to get a copy of their history. The application contains the applicant’s:
- Date of birth
- Current home address
- Email address
- Phone number
- Historical and other personal information, including former addresses, family member names and reasons for the application and research family history.
A UK-based infosec company found the certificates. The leak is yet another example of a company neglecting to protect data stored using online storage services.
Past Data leaks in AWS servers
Unfortunately, this is not the first time an unprotected AWS server has resulted in a high-level data leak. Not too long ago, Amazon’s marketplace was hacked in May of this year, and the hackers were able to steal money from retailers using Amazon to sell their products. Months later, Netflix and other large corporations had data exposed in an open Amazon AWS bucket amounting to 1TB worth of information.
Typically, these instances are due to poor security measures. Hackers are progressively ready to target unprotected cloud data stores like the one exposed above. Service providers and processors need to open their eyes and realize that data needs to be protected in a proactive way to reduce the risks of having a mistake or lack of due thoroughness.
New Orleans in a State of Emergency After Discovering Suspicious Activity
Early morning on Friday, December 13, the City of New Orleans discovered evidence of malicious activity, including phishing and ransomware attempts. Once it saw an uptick in the suspicious activity, the city mandated a shutdown of its computing devices and declared a State of Emergency. This was not the first time that Louisiana was struck with a cyberattack. In fact, it was the second instance that the State of Louisiana declared a state of emergency for cybercriminal acts.
It is common knowledge that state and local governments tend to run a heightened risk of a cyberattack due to underfunding. For this reason, agencies tend to make security an afterthought, increasing the chance that they fall victim to cybercrime. To add insult to injury, City Services tend to be a vital part of critical infrastructure. Officials at the federal, state and local level are investigating.
PoS Systems Targeted in a New Form of Sophisticated Cyberattack
Hackers harvesting payment data harvested through PoS systems is the latest cause for concern. Rather than tampering with physical devices, e.g. inserting skimmers into gas station pumps to extract cash, hackers have found a sophisticated way to infiltrate internal networks to compromise the attack surface. Visa has identified three instances where cybercriminals targeted PoS systems. A cybercrime syndicate known as FIN8 appears to be responsible for two of the attacks.
How the Cyberattacks Against PoS Systems Work
Social engineering is the method cybercriminals use to compromise a victim’s environment. Systematically, hackers are able to take control of the PoS environment. Besides the sophistication, a lack of secure infrastructure led to the cyberattack being carried out. Here’s how it happened:
- Hackers send a phishing email, convincing victim to click on link
- Once clicked, a Remote Access Trojan is inserted into the system
- Reconnaissance occurs along the attack surface, including the PoS environment
- Once in the environment, the malware inserts a RAM scraper to scrape payment card information
The card payment industry has been transitioning clients to a chip reading mechanism, which offers more security. But there are still a number of companies that have not yet migrated to the newer technology. The industry, from a cybersecurity perspective, is less fail-safe. Visa has made recommendations for companies to instill more precautions, such as tokenization, encryption, et al.
ThreatModeler Helps Organizations to Address the Urgent Need for Proper Security Measures
The security of private and sensitive data must be a top priority for organizations that process it. Organizations run the risk of losing consumer trust, further data compromises, and rising costs for remediation and imposed fines from regulating bodies. Implementing a data-centric security model guarantees that data is protected anywhere it is stored, moved, shared, or used and is the only true barrier that can reduce identity theft.
Want to Learn How to Secure Data in AWS Cloud? Threatmodeler Helps Organizations Protect Their Data
ThreatModeler is an automated threat modeling tool that strengthens an enterprise’s SDLC by identifying, predicting and defining threats across all applications and devices in the operational IT stack. This automated platform works with all types of computing environments. ThreatModeler is the first and only threat modeling tool that can provide a comprehensive, out-of-the-box solution for identifying the potential threats associated with deployment to a cloud environment and providing the correct mitigating controls.
ThreatModeler has you covered before, during and after your migration to the AWS cloud. To learn more about why ThreatModeler is an excellent choice for your enterprise, request a free evaluation of the ThreatModeler platform or contact us to speak with an application threat modeling expert today.