Unsecure Amazon S3 bucket Exposes IDs of Airport Security Employees

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

 

Securitas AB, a Sweden-based multinational security and investigation service provider has been discovered exposing sensitive data belonging to airport employees across Colombia and Peru. Earlier this week, researchers at SafetyDetectives uncovered a whopping 3 terabytes of data containing over 1.5 million files, thanks to one of its misconfigured Amazon S3 servers. 

According to researchers, Securitas’s AWS S3 buckets were not appropriately secured and contained approximately 3TB of data dating back to 2018, including airport employee records. While the researchers were was not able to examine every record in the database, four airports were named in leaked files: El Dorado International Airport (COL), Alfonso Bonilla Aragón International Airport (COL), José María Córdova International Airport (COL), and Aeropuerto Internacional Jorge Chávez (PE). 

The misconfigured AWS bucket, which did not require any authentication to access, contained two main datasets related to Securitas and airport employees. These included photos of ID cards and unmarked photos. The ID card photo displayed PII information of employees such as: 

• Full nam

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: