All news with #breach tag

The RNC Files: Largest US Voter Data Exposure Report

🔓 This UpGuard report describes a publicly accessible Amazon S3 data warehouse owned by Deep Root Analytics that contained 1.1 TB of unsecured files and linked datasets from Data Trust and TargetPoint. The exposed records included personally identifiable information for up to 198 million US voters alongside modeled political attributes and scoring. UpGuard discovered the bucket on June 12, 2017; Deep Root secured it after notification, and the report details discovery, contents, and implications for election data privacy.

Student Loan Servicer Breach Exposes 2.5M Consumer Records

🔒 Nelnet Servicing, the servicing and portal provider for EdFinancial and the Oklahoma Student Loan Authority, disclosed a breach affecting 2,501,324 account holders. The incident exposed names, home addresses, email addresses, phone numbers and social security numbers, but did not include users' financial account data. Nelnet said its cybersecurity team secured systems, engaged third‑party forensic experts, and offered two years of credit monitoring, credit reports and up to $1 million in identity theft insurance. Security specialists warned the exposed PII could be used in targeted phishing and social‑engineering campaigns tied to student loan forgiveness news.

DSCC S3 Misconfiguration Exposes 6.2M Email Addresses

🔒 UpGuard researchers discovered an Amazon S3 bucket tied to the Democratic Senatorial Campaign Committee (DSCC) that publicly exposed about 6.2 million email addresses. The unprotected archive, EmailExcludeClinton.zip, contained a comma-separated .csv of addresses from major ISPs, universities, government and military domains and was last modified in 2010. UpGuard notified the DSCC on July 26, 2019, and the bucket was secured the same day. The incident highlights persistent operational risks in campaign data handling.

Open NAS Exposed Thousands' PII at Maryland JIA Systems

🔒 UpGuard discovered a publicly accessible network-attached storage (NAS) device belonging to the Maryland Joint Insurance Association (JIA), exposing backups and administrative files. The repository contained customer PII—including full Social Security numbers, birth dates, addresses, phone numbers, insurance policy identifiers, and check images showing full bank account numbers—alongside plaintext internal credentials and third-party access details. UpGuard notified JIA and the device was secured; the exposure highlights serious configuration and vendor-risk failures that can rapidly put vulnerable policyholders at risk.