Over 80 US Municipalities’ Sensitive Information, Including Resident’s Personal Data, Left Vulnerable in Massive Data Breach
I’ve been cutting down on the number of leaks I report that just seem like attempts to get publicity for firms. But this one affects government, so I am linking to it.
WizCase’s team of ethical hackers, led by Ata Hakçıl, has found a major breach exposing a number of US cities, all of them using the same web service provider aimed at municipalities. This breach compromised citizens’ physical addresses, phone numbers, IDs, tax documents, and more. Due to the large number and various types of unique documents, it is difficult to estimate the number of people exposed in this breach. There was no need for a password or login credentials to access this information, and the data was not encrypted.
Over a 100 US cities appeared to be using the same product, mapsonline.net, provided by an American company named PeopleGIS. The data of these municipalities was stored in several misconfigured Amazon S3 buckets that were sharing similar naming conventions to MapsOnline. Due to this, we believe these cities are using the same software solution. Our team reached out to the company and the buckets have since been secured.
Read more on WizCase.
DataBreaches.net emailed PeopleGIS earlier this morning to ask them whether they would confirm that they were responsible for the leak or if they claimed that others were responsible. They were also asked what they have done in the wake of this incident to prevent another similar incident. No reply has been received by the time of this publication.