Florida-based credit firm left 111GB of sensitive customer data exposed on AWS server
Patrick Howell O’Neill reports:
A Florida-based credit repair company left 111 gigabytes of extremely sensitive customer information and internal company data publicly accessible on the internet possibly for up to two years.
The National Credit Federation publicly exposed 47,000 files that included customer names, addresses, dates of birth, driver’s licenses, Social Security cards, credit reports, financial histories, credit card numbers and bank account numbers, according to Chris Vickery, a researcher at the cybersecurity firm UpGuard. File upload dates suggest the public exposure extends back to June 2015.
Vickery discovered the data after finding an Amazon Web Services S3 cloud storage bucket used by the company was configured for public access.
Read more on CyberScoop.