All news with #breach tag

Misconfigured NICE Systems S3 Exposed Verizon Customer Data

🔒 A misconfigured Amazon S3 repository administered by NICE Systems exposed names, addresses, account details and PINs tied to Verizon customers; UpGuard estimated up to 14 million affected while Verizon disputed a 6 million figure. The publicly accessible bucket contained daily voice-log files and large text archives with unmasked fields such as PIN and CustCode, alongside call analytics metadata. UpGuard notified Verizon in June 2017 and remediation followed, but the incident underscores the severity of third-party cloud misconfigurations and vendor-managed data risk.

111 GB Customer Data Exposure at National Credit Federation

🔓UpGuard discovered 111 GB of internal customer records from National Credit Federation stored in a publicly accessible Amazon S3 bucket, including names, addresses, dates of birth, scanned driver’s licenses and Social Security cards, full bank and credit card numbers, and complete credit reports. The repository contained personalized credit blueprints and videos showing employee access. UpGuard notified the company, which promptly secured the bucket. The case highlights the need for rigorous cloud permission controls and continuous configuration monitoring.

AggregateIQ Files Part Three: Monarch and Saga Tools

🔎 The UpGuard Cyber Risk Team details a public discovery of AggregateIQ repositories that exposed sophisticated political targeting tools. The report highlights project families Monarch and Saga, describing ad-scraping scripts, pixel trackers, and ingestion services that link Facebook ad activity to web behavior. Exposed credentials and AWS assets amplify privacy and oversight concerns.

Misconfigured S3 Exposed Tea Party Campaign Assets Online

🔓 UpGuard disclosed that an Amazon S3 bucket belonging to the Tea Party Patriots Citizens Fund (TPPCF) publicly exposed roughly 2GB of campaign materials and call lists. The files—largely PDFs and images from the 2016 election cycle—contained strategy documents, marketing assets, and call records listing full names, phone numbers and VoterIDs for about 527,000 individuals. Upon notification on October 1, 2018, TPPCF restricted bucket permissions within hours and removed access by October 5. The incident underscores how cloud misconfiguration can turn organizational data into a large-scale privacy breach with political implications.

Public S3 Exposure: LocalBlox Leak of 48M Records Incident

🔓 The UpGuard Cyber Risk Team discovered a publicly accessible AWS S3 bucket containing a 1.2 TB ndjson file with 48 million records belonging to LocalBlox. The dataset included names, addresses, dates of birth, scraped LinkedIn and Facebook content, Twitter handles, and blended data from sources like Zillow. UpGuard notified LocalBlox on February 28, 2018, and the bucket was secured the same day. This exposure highlights the real-world risk of simple cloud misconfigurations.

iPR Data Exposure: 477,000 Media Contacts and Keys

🔒 UpGuard researchers discovered a publicly accessible Amazon S3 bucket belonging to iPR Software, containing backups, internal documentation, and a dataset of approximately 477,000 media contacts. The collection included over 35,000 hashed passwords, a 17 GB MongoDB backup that expands substantially when restored, and credentials for services such as Twitter and a MongoDB hosting provider. UpGuard notified iPR on October 24 after detecting the bucket on October 15, and public access was removed on November 26; the exposure underscores risks from misconfigured cloud storage for vendors managing client data.

Long Island Medical Practice Exposed 42,000 Patient Records

🔓 UpGuard discovered a publicly accessible rsync repository exposing medical and personal data tied to Cohen Bergman Klepper Romano MDS PC, a Long Island practice. The repository contained over 42,000 patient records, more than three million medical notes, and physicians’ PII including Social Security numbers. A .pst backup and virtual disk revealed staff home addresses and family details. UpGuard’s notification led to the exposure being secured, underscoring the need for strong access controls and formal disclosure response procedures.

OneHalf Data Exposure Exposes Employee and Client Records

🔒 UpGuard's Cyber Risk Research team discovered and secured a public GitHub-based data exposure belonging to OneHalf, a business process outsourcing firm in the APAC region. The exposed repositories contained HR and medical databases with detailed personal records for hundreds of employees, plus banking account numbers for several corporate clients. UpGuard notified OneHalf and the repositories were taken private, likely preventing further exploitation of sensitive personal and business information.

Spartan Technology Exposed South Carolina Arrest Data

🔒 UpGuard identified an unsecured AWS S3 bucket containing MSSQL backups linked to Spartan Technology, exposing records from 2008–2018. The dataset comprised roughly 60 GB across four backup files and documented about 5.2 million arrest events and approximately 26,000 unique defendants; around 17,000 unique Social Security numbers were present. Victim and witness records included names and phone numbers only. After notification on November 19, 2019, Spartan promptly removed public access and worked with researchers to secure the data.

HR Data Exposure: How Employees and Clients Are Affected

🔒 UpGuard’s Cyber Risk Research team discovered and secured a public GitHub exposure containing sensitive employee and customer data belonging to OneHalf, a business process outsourcing firm in the APAC region. The principal artifact was the HRIS project, including a 1.2MB database dump (hrisdb-02012018.sql) with detailed personal records for roughly 250 employees, extensive medical histories, emergency contacts, and 300 usernames with plaintext passwords. A related repo, ohserviceform, listed 28 client companies and plaintext banking account numbers, increasing the risk of financial fraud. UpGuard notified OneHalf and the repositories were secured by August 22, 2018.

Leakzone Exposure Reveals 22M Access Log Records and IPs

🔒 UpGuard discovered an unauthenticated Elasticsearch instance exposing roughly 22 million web-request records tied predominantly to Leakzone, a forum for illicit data and hacking tools. The logs contained domains, client IPs, geolocation and ISP metadata, and request sizes spanning late June through the July 2025 discovery. Analysis shows widespread use of public proxies and VPN exit nodes, with much traffic routed through major cloud providers, limiting reliable geolocation.

Top-Secret INSCOM Data Exposed via Public S3 Bucket

🔐 UpGuard discovered a publicly accessible Amazon S3 bucket tied to the United States Army Intelligence and Security Command (INSCOM) that contained clearly classified material, including an Oracle virtual appliance (.ova) with partitions labeled Top Secret and NOFORN. Downloadable artifacts included a plaintext ReadMe referencing the Red Disk cloud platform and a .jar used for intelligence tagging. The exposure also revealed private keys and hashed passwords linked to a third-party contractor. UpGuard notified INSCOM and the bucket was secured to prevent further access.

Neoclinical Database Exposed Sensitive Patient Profiles

🔒 UpGuard disclosed that an unsecured MongoDB instance belonging to Neoclinical, an Australia–New Zealand clinical-trial matching service, exposed a database of 37,170 user profiles. The records included names, contact details, geocoordinates, dates of birth and structured answers to trial-qualification questions that revealed sensitive health information and potential illicit drug use. A researcher found the database on July 1, attempted email and phone contact, escalated to AWS on July 25, and public access was removed on July 26. UpGuard secured the database to prevent further public exposure.

DSCC S3 Misconfiguration Exposed 6.2M Email Addresses

🔓 UpGuard researchers discovered an Amazon S3 bucket tied to the Democratic Senatorial Campaign Committee exposing a 145MB zip file that contained a CSV of roughly 6.2 million email addresses. The unprotected bucket granted global authenticated FULL_CONTROL, allowing anyone with a free AWS account to access or modify contents. The file, last modified in 2010 and named EmailExcludeClinton.csv, appears to be an exclusion list and includes consumer, .edu, .gov, and .mil domains. UpGuard notified DSCC and the bucket was secured the following day.

Viacom Cloud Leak Exposes AWS Keys and Puppet Data

🔒 An UpGuard researcher discovered a publicly accessible Amazon S3 bucket exposing Viacom’s internal provisioning and cloud credentials. The archive—found under the subdomain "mcs-puppet"—contained seventy-two incremental .tgz backups with Puppet manifests, configuration files, GPG decryption keys and the AWS access key and secret. Viacom was notified on August 31, 2017 and the exposed buckets were secured within hours, preventing active compromise.

Open Enrollment: HCL Exposed Passwords and Projects

🔓 During a routine data-leak investigation, UpGuard researchers discovered multiple publicly accessible HCL web pages that exposed employee records, plaintext passwords for new hires, and detailed project installation reports. The exposed assets spanned HR dashboards, a SmartManage reporting interface, and recruitment/admin panels across several subdomains. After notifying HCL’s Data Protection Officer, the researcher confirmed that the publicly accessible pages were secured. The incident highlights how inconsistent access controls across applications can cause significant risk.

Robotics Vendor Leak Exposed Manufacturing Secrets Worldwide

🔒 The UpGuard Cyber Risk team found an open rsync server owned by Level One Robotics that exposed 157 GB of files for more than 100 manufacturing customers, including major automakers. Exposed materials included factory CAD schematics, robotic configurations, NDA texts, VPN and badge request forms, employee ID scans, and corporate financial records. After notification, Level One closed the exposure promptly.

Public S3 Leak Exposed 1.86M Chicago Voter Records

🔓 UpGuard’s Cyber Risk Team discovered a publicly accessible AWS S3 repository tied to Election Systems & Software (ES&S) that contained multiple backups and a 12 GB MSSQL database. The data set included about 1.864 million Chicago voter records with names, addresses, dates of birth, phone numbers, driver’s license numbers and partial Social Security numbers. The bucket, labeled “chicagodb,” was found on August 11, 2017; ES&S was notified and the exposure was secured by August 12, 2017. This incident highlights vendor misconfiguration risk and the need for rigorous vendor risk management and configuration checks.

Medcall S3 Misconfiguration Exposed Patient Medical Records

🔓 An UpGuard analyst discovered an unsecured Amazon S3 bucket belonging to Medcall Healthcare Advisors that publicly exposed roughly 7 GB of sensitive data. The datastore included intake PDFs, audio and video recordings of patient-operator-doctor calls, and CSV files containing full Social Security numbers and other PII. The bucket's ACL granted 'Everyone - Full Control', allowing anonymous read/write access and permission changes. Medcall closed the bucket after notification on August 31.

Public S3 Exposure Tied to Booz Allen and NGA Incident

🔒 UpGuard’s Cyber Resilience Team discovered a publicly exposed Amazon S3 repository containing plaintext SSH keys and administrative credentials tied to a Booz Allen engineer and contractor metadata pointing to NGA‑related projects. After initial notification to Booz Allen, UpGuard escalated the issue to the NGA, which secured the repository within minutes. Booz Allen acknowledged the report later that day, and UpGuard preserved the downloaded dataset at the government’s request. The incident highlights the real‑world risk of simple misconfiguration and third‑party vendor security posture.