All news with #breach tag

Verizon Cloud Leak: NICE Systems Exposed Customer Data

🔓 UpGuard discovered an Amazon S3 repository owned by NICE Systems that left call-support logs for Verizon publicly accessible. The exposed files contained names, addresses, phone numbers, account details and many unmasked account PINs tied to phone numbers, creating a significant risk of account takeover. UpGuard notified Verizon and the bucket was secured; the incident highlights third-party cloud misconfiguration risk and the need for stronger vendor controls.

TigerSwan S3 Exposure: Thousands of Resumes Leaked

🔓 UpGuard's Cyber Risk Team discovered an Amazon S3 bucket named "tigerswanresumes" that was publicly accessible, exposing 9,402 resumes and application documents submitted to TigerSwan. The files contained contact details, work histories, and sensitive identifiers — including passports, partial Social Security numbers, driver’s license numbers, and 295 resumes claiming Top Secret/SCI clearances. UpGuard notified TigerSwan and followed up repeatedly; the bucket remained accessible for roughly a month before it was secured. TigerSwan said the exposure resulted from a former recruiting vendor.

Maryland JIA NAS Misconfiguration Exposes PII, Credentials

🔒 The UpGuard Cyber Risk Team discovered a publicly exposed, misconfigured NAS belonging to the Maryland Joint Insurance Association (JIA) that contained backup customer and operational files. The repository included full Social Security numbers, bank account and check images, insurance policy data, and plaintext administrative credentials including remote access and third-party ISO ClaimSearch logins. UpGuard notified JIA on discovery; the exposure was secured and is no longer active.

Misconfigured Amazon S3 Exposed Tea Party Campaign Data

🔓 On August 28, 2018 the UpGuard Cyber Risk team discovered a publicly readable Amazon S3 bucket named tppcf containing roughly 2GB of campaign files belonging to the Tea Party Patriots Citizens Fund (TPPCF). The data included call lists with full names and phone numbers for about 527,000 individuals, along with strategy documents, call scripts, and marketing assets. UpGuard notified TPPCF on October 1; permissions were briefly set to allow global authenticated users and then removed by October 5. The incident illustrates how cloud misconfiguration can expose sensitive political microtargeting data and create significant privacy risks.

AggregateIQ GitLab Leak Reveals Political Targeting Tools

🔓 The UpGuard Cyber Team discovered a publicly accessible GitLab repository belonging to AggregateIQ that exposed code, tools, and credentials used in political data operations. The leak includes an apparent campaign platform called Ripon, state configuration files, voicemail scripts, and integrations for services like Twilio and Facebook. Exposed keys, tokens, and AWS credentials raise risks of misuse and highlight ties between AIQ and Cambridge Analytica that warrant further investigation.

Viacom Cloud Leak Exposed Master Controls and Keys

🔒 UpGuard researchers discovered on August 30, 2017 a publicly accessible Amazon S3 bucket named “mcs-puppet” containing seventy-two .tgz backup archives that included Puppet manifests, configuration files, keys, and credentials tied to Viacom. The repository exposed AWS access and secret keys, GPG decryption keys, and scripts referencing services such as Docker, Jenkins, Splunk, and New Relic. UpGuard notified Viacom on August 31, and the exposure was secured within hours. The incident demonstrates how cloud misconfigurations can reveal master provisioning controls and enable widespread infrastructure compromise.

Medico Inc. S3 Misconfiguration Exposes Patient Data

🔓 Medico Inc. left an Amazon S3 bucket publicly accessible, exposing nearly 14,000 documents (approximately 1.7GB) that included medical records, insurance claims, legal files, and internal business data. The UpGuard Data Breach Research Team discovered the bucket on June 20, 2019, and Medico closed it within hours after notification. The dataset contained unredacted PII such as SSNs, bank account numbers, and payment card data, and also included plaintext credentials that could enable further compromise.

Amazon Engineer Exposed Credentials via Public GitHub Repo

🔒 UpGuard discovered a public GitHub repository on 13 January 2020 containing an Amazon Web Services engineer’s personal identity documents and numerous system credentials. The repository included AWS key pairs (including a file named rootkey.csv), API tokens, private keys, passwords, logs, and customer-related templates. UpGuard reported the exposure to AWS Security within hours and the repository was secured the same day. The incident highlights how rapid leak detection can prevent accidental disclosures from escalating.

AggregateIQ Repositories Expose Multiple Brexit Sites

📂 UpGuard's analysis of exposed development repositories from AggregateIQ details source code, backups, and credentials tied to multiple pro-Brexit organizations. The findings show WordPress backups, API keys, Stripe secrets, and scripts used to build and contact supporter lists, with administrative accounts linking AIQ staff to sites such as Vote Leave, Change Britain, and the DUP. Misuse of the exposed assets could have allowed large-scale data access or payment compromise.

HCL Exposed New-Hire Passwords and Project Reports

🔓 In May 2019 UpGuard researchers discovered publicly accessible HCL pages that exposed personal information, plaintext passwords for new hires, and detailed project reports. The data was dispersed across multiple subdomains and web UIs, including HR dashboards, recruiting approval panels, and a SmartManage reporting interface. After notifying HCL's Data Protection Officer, the researcher confirmed the anonymous-access pages were taken offline within days. The incident underscores the risk of misconfigured application pages and the importance of clear reporting channels and prompt incident response.

LA County 211 Data Exposure: Emergency Call Records

🔒 The UpGuard Cyber Risk Team discovered an Amazon S3 bucket for LA County 211 that was publicly accessible and contained Postgres backups and CSV exports with sensitive data. A 1.3GB t_contact export included millions of records, roughly 200,000 detailed call notes and 33,000 Social Security numbers, alongside 384 user accounts with MD5-hashed passwords. The exposure dated from 2010–2016; UpGuard notified the service in March–April 2018 and confirmed the bucket was closed within 24 hours of contact.

Robotics Vendor Exposed Sensitive Manufacturing Data

🔓 Level One Robotics left 157 GB of sensitive customer, employee, and corporate files accessible via an unrestricted rsync server, exposing CAD drawings, factory layouts, robotic configurations, NDAs, identity documents, and banking records for over 100 manufacturing clients. UpGuard discovered the exposure on July 1, 2018 and began outreach on July 5; after contact on July 9, Level One remediated the server by July 10. The incident underscores third- and fourth-party supply-chain risk and the need to restrict file-transfer services by IP and authentication, enforce vendor security standards, and maintain rapid exposure-response procedures.

Public S3 Exposure Reveals Sensitive Customer Data at NCF

🔓 On October 3, 2017 UpGuard researcher Chris Vickery discovered a publicly accessible Amazon S3 bucket belonging to National Credit Federation containing 111 GB of internal and customer records. The repository included scanned IDs, Social Security card images, full credit reports from Equifax, Experian, and TransUnion, personalized credit blueprints, and full bank and card numbers. National Credit Federation secured the bucket after notification and UpGuard found no evidence of theft in this report. The case underscores the necessity of validating cloud storage permissions and continuously monitoring third-party risk.

Election Systems & Software Exposed 1.8M Chicago Voters

🔓The database of Omaha-based voting machine vendor Election Systems & Software was left publicly accessible on an Amazon S3 bucket, exposing records for 1.864 million Chicago voters. The exposed MSSQL backups included names, addresses, dates of birth, phone numbers, driver’s license numbers and the last four digits of Social Security numbers. UpGuard discovered the open bucket on Aug 11, 2017 and notified ES&S, which closed access the next day.

Medcall S3 Misconfiguration Exposed Medical Records

🔓 UpGuard disclosed that an unsecured Medcall Healthcare Advisors Amazon S3 bucket exposed roughly 7 GB of sensitive information, including PDF intake forms, CSV files containing full Social Security numbers, and 715 recorded patient-doctor and operator calls. The bucket was publicly readable and writable with an 'Everyone - Full Control' ACL and was taken offline after UpGuard notified Medcall. The case underscores the danger of vendor misconfiguration and third-party exposure of protected health information.

LocalBlox S3 Misconfiguration Exposes 48M Records Publicly

🔓 UpGuard discovered an Amazon S3 bucket owned by LocalBlox that was publicly accessible, exposing a 1.2 TB ndjson archive containing approximately 48 million personal profiles. The dataset aggregated names, addresses, dates of birth, scraped LinkedIn and Facebook content, Twitter handles, and other identifiers used to build psychographic profiles. UpGuard notified LocalBlox and the bucket was secured on February 28, 2018. The incident highlights how a simple cloud misconfiguration can compromise consumer privacy and enable targeted influence at scale.

Marketing PR Platform Exposed Data of Hundreds of Thousands

🔓 UpGuard identified an Amazon S3 bucket tied to iPR Software that publicly exposed over a terabyte of files, including a 17 GB MongoDB backup. The collection contained 477,000 media contacts, approximately 35,000 hashed passwords, client marketing assets, internal PR strategy documents, and credentials for Google, Twitter, and a MongoDB host. UpGuard notified iPR in October 2019; public access was removed in late November after follow-up and media engagement.

Google Files Lawsuit to Dismantle BadBox 2.0 Botnet

🔒 Google has filed a lawsuit in New York federal court targeting the operators of the BadBox 2.0 botnet, which compromised over 10 million uncertified devices running the Android Open Source Project. In partnership with HUMAN Security and Trend Micro, Google’s Ad Traffic Quality team identified preinstalled malware used for large-scale ad fraud and other illicit activity. Google updated Play Protect to automatically block BadBox-associated apps and is coordinating with the FBI to further disrupt the criminal operation.

Exposed rsync Server Leaks Oklahoma Securities Data

🔒UpGuard discovered and secured a publicly accessible rsync server holding roughly three terabytes and millions of files belonging to the Oklahoma Department of Securities. The exposed content included personal records, large email archives, virtual machine images, investigative files, and administrative credentials that threatened the agency’s network integrity. UpGuard notified state personnel and public access was removed on December 8, 2018.

Rsync Misconfiguration Exposes Over One Million Leads

🔓 A publicly accessible rsync repository tied to Blue Chair LLC subsidiaries, including Target Direct Marketing and Gragg Advertising, exposed backups and web configuration files containing personally identifiable information for over one million people. The leak included MySQL backups (≈5 GB) with a peg_historical table listing names, addresses, emails, phone numbers and education details. Gragg Advertising moved quickly after notification and secured the service within an hour, but the incident underscores risks from misconfigured rsync services and weak data retention practices.