All news in category “Incidents and Data Breaches”

🔒 The UpGuard Cyber Risk team found an open rsync server owned by Level One Robotics that exposed 157 GB of files for more than 100 manufacturing customers, including major automakers. Exposed materials included factory CAD schematics, robotic configurations, NDA texts, VPN and badge request forms, employee ID scans, and corporate financial records. After notification, Level One closed the exposure promptly.

🔓 The UpGuard Cyber Risk Team discovered a publicly accessible AWS S3 bucket containing a 1.2 TB ndjson file with 48 million records belonging to LocalBlox. The dataset included names, addresses, dates of birth, scraped LinkedIn and Facebook content, Twitter handles, and blended data from sources like Zillow. UpGuard notified LocalBlox on February 28, 2018, and the bucket was secured the same day. This exposure highlights the real-world risk of simple cloud misconfigurations.

🔒 An UpGuard researcher discovered a publicly accessible Amazon S3 bucket exposing Viacom’s internal provisioning and cloud credentials. The archive—found under the subdomain "mcs-puppet"—contained seventy-two incremental .tgz backups with Puppet manifests, configuration files, GPG decryption keys and the AWS access key and secret. Viacom was notified on August 31, 2017 and the exposed buckets were secured within hours, preventing active compromise.

🔓 UpGuard researchers discovered an Amazon S3 bucket tied to the Democratic Senatorial Campaign Committee exposing a 145MB zip file that contained a CSV of roughly 6.2 million email addresses. The unprotected bucket granted global authenticated FULL_CONTROL, allowing anyone with a free AWS account to access or modify contents. The file, last modified in 2010 and named EmailExcludeClinton.csv, appears to be an exclusion list and includes consumer, .edu, .gov, and .mil domains. UpGuard notified DSCC and the bucket was secured the following day.

🔒 UpGuard discovered an unauthenticated Elasticsearch instance exposing roughly 22 million web-request records tied predominantly to Leakzone, a forum for illicit data and hacking tools. The logs contained domains, client IPs, geolocation and ISP metadata, and request sizes spanning late June through the July 2025 discovery. Analysis shows widespread use of public proxies and VPN exit nodes, with much traffic routed through major cloud providers, limiting reliable geolocation.

🔒 UpGuard disclosed that an unsecured MongoDB instance belonging to Neoclinical, an Australia–New Zealand clinical-trial matching service, exposed a database of 37,170 user profiles. The records included names, contact details, geocoordinates, dates of birth and structured answers to trial-qualification questions that revealed sensitive health information and potential illicit drug use. A researcher found the database on July 1, attempted email and phone contact, escalated to AWS on July 25, and public access was removed on July 26. UpGuard secured the database to prevent further public exposure.

⚠️ UpGuard identified on 13 January 2020 a public GitHub repository containing sensitive material tied to an Amazon Web Services engineer. The repo, roughly 954 MB when downloaded, included personal identity documents, bank statements, log files, AWS key pairs (including a file labeled rootkey.csv), private keys, passwords and third-party API tokens. UpGuard analysts detected the exposure within half an hour, notified AWS Security early that afternoon, and the repository was taken out of public view the same day. Rapid detection and remediation appear to have prevented escalation; there is no evidence of malicious intent or end-user data compromise.

🔓The database of Omaha-based voting machine vendor Election Systems & Software was left publicly accessible on an Amazon S3 bucket, exposing records for 1.864 million Chicago voters. The exposed MSSQL backups included names, addresses, dates of birth, phone numbers, driver’s license numbers and the last four digits of Social Security numbers. UpGuard discovered the open bucket on Aug 11, 2017 and notified ES&S, which closed access the next day.

🔓 In May 2019 UpGuard researchers discovered publicly accessible HCL pages that exposed personal information, plaintext passwords for new hires, and detailed project reports. The data was dispersed across multiple subdomains and web UIs, including HR dashboards, recruiting approval panels, and a SmartManage reporting interface. After notifying HCL's Data Protection Officer, the researcher confirmed the anonymous-access pages were taken offline within days. The incident underscores the risk of misconfigured application pages and the importance of clear reporting channels and prompt incident response.

🔎 UpGuard discovered an unauthenticated Elasticsearch index containing roughly 22 million web-request records, of which about 95% referenced leakzone.net. The logs included client IP addresses, destination domains, request sizes, geolocation data and ISP metadata, spanning June 25 to discovery on July 18, with about one million requests per day. Analysis found extensive use of public proxies and clustered VPN exit nodes, alongside many one-off IPs likely representing direct users. The dataset raises privacy and operational concerns for visitors, service operators, and investigators.

🔓 UpGuard Research discovered a publicly accessible Amazon S3 bucket containing detailed consumer data attributed to Tetrad, including files derived from Experian Mosaic, Claritas/PRIZM, and client-supplied datasets covering over 120 million U.S. household records. The exposure included full names, addresses, gender, Mosaic codes, and retailer account and purchase information. UpGuard notified Tetrad in early February and, after repeated contact, the company removed public access and secured the bucket. The dataset's breadth raises significant privacy and targeted-risk concerns for individuals and communities.

🔒 UpGuard Research discovered a publicly accessible AWS S3 bucket containing roughly 60 GB of MSSQL backups uploaded by a Spartan Technology employee, exposing South Carolina justice-system records spanning 2008–2018. The dataset included about 5.2 million arrest-event rows, tens of millions of related records, and sensitive PII such as names, dates of birth, driver’s license numbers and roughly 17,000 Social Security numbers. Permissions included the "AuthenticatedUsers" group, enabling broad access; Spartan removed public access the same day after notification.

🔒 UpGuard discovered a public GitHub repository on 13 January 2020 containing an Amazon Web Services engineer’s personal identity documents and numerous system credentials. The repository included AWS key pairs (including a file named rootkey.csv), API tokens, private keys, passwords, logs, and customer-related templates. UpGuard reported the exposure to AWS Security within hours and the repository was secured the same day. The incident highlights how rapid leak detection can prevent accidental disclosures from escalating.

🔒 The UpGuard Cyber Risk Team discovered an Amazon S3 bucket for LA County 211 that was publicly accessible and contained Postgres backups and CSV exports with sensitive data. A 1.3GB t_contact export included millions of records, roughly 200,000 detailed call notes and 33,000 Social Security numbers, alongside 384 user accounts with MD5-hashed passwords. The exposure dated from 2010–2016; UpGuard notified the service in March–April 2018 and confirmed the bucket was closed within 24 hours of contact.

🔓 On October 3, 2017 UpGuard researcher Chris Vickery discovered a publicly accessible Amazon S3 bucket belonging to National Credit Federation containing 111 GB of internal and customer records. The repository included scanned IDs, Social Security card images, full credit reports from Equifax, Experian, and TransUnion, personalized credit blueprints, and full bank and card numbers. National Credit Federation secured the bucket after notification and UpGuard found no evidence of theft in this report. The case underscores the necessity of validating cloud storage permissions and continuously monitoring third-party risk.

🔒 UpGuard researchers discovered on August 30, 2017 a publicly accessible Amazon S3 bucket named “mcs-puppet” containing seventy-two .tgz backup archives that included Puppet manifests, configuration files, keys, and credentials tied to Viacom. The repository exposed AWS access and secret keys, GPG decryption keys, and scripts referencing services such as Docker, Jenkins, Splunk, and New Relic. UpGuard notified Viacom on August 31, and the exposure was secured within hours. The incident demonstrates how cloud misconfigurations can reveal master provisioning controls and enable widespread infrastructure compromise.

🔓 UpGuard discovered an Amazon S3 bucket owned by LocalBlox that was publicly accessible, exposing a 1.2 TB ndjson archive containing approximately 48 million personal profiles. The dataset aggregated names, addresses, dates of birth, scraped LinkedIn and Facebook content, Twitter handles, and other identifiers used to build psychographic profiles. UpGuard notified LocalBlox and the bucket was secured on February 28, 2018. The incident highlights how a simple cloud misconfiguration can compromise consumer privacy and enable targeted influence at scale.

🔓 UpGuard disclosed that an unsecured Medcall Healthcare Advisors Amazon S3 bucket exposed roughly 7 GB of sensitive information, including PDF intake forms, CSV files containing full Social Security numbers, and 715 recorded patient-doctor and operator calls. The bucket was publicly readable and writable with an 'Everyone - Full Control' ACL and was taken offline after UpGuard notified Medcall. The case underscores the danger of vendor misconfiguration and third-party exposure of protected health information.

🔓 Level One Robotics left 157 GB of sensitive customer, employee, and corporate files accessible via an unrestricted rsync server, exposing CAD drawings, factory layouts, robotic configurations, NDAs, identity documents, and banking records for over 100 manufacturing clients. UpGuard discovered the exposure on July 1, 2018 and began outreach on July 5; after contact on July 9, Level One remediated the server by July 10. The incident underscores third- and fourth-party supply-chain risk and the need to restrict file-transfer services by IP and authentication, enforce vendor security standards, and maintain rapid exposure-response procedures.

🔒 UpGuard researchers discovered a publicly accessible MongoDB database belonging to Neoclinical, exposing profiles for 37,170 users in Australia and New Zealand. Records included names, contact details, geocoordinates, dates of birth and structured health-screening answers that revealed diagnoses and treatments. UpGuard notified the company and AWS; access was removed on July 26. The exposure underscores the need for proper access controls and rapid incident response.