All news with #pii tag

Leakzone Exposure Reveals 22M Access Log Records and IPs

🔒 UpGuard discovered an unauthenticated Elasticsearch instance exposing roughly 22 million web-request records tied predominantly to Leakzone, a forum for illicit data and hacking tools. The logs contained domains, client IPs, geolocation and ISP metadata, and request sizes spanning late June through the July 2025 discovery. Analysis shows widespread use of public proxies and VPN exit nodes, with much traffic routed through major cloud providers, limiting reliable geolocation.

Neoclinical Database Exposed Sensitive Patient Profiles

🔒 UpGuard disclosed that an unsecured MongoDB instance belonging to Neoclinical, an Australia–New Zealand clinical-trial matching service, exposed a database of 37,170 user profiles. The records included names, contact details, geocoordinates, dates of birth and structured answers to trial-qualification questions that revealed sensitive health information and potential illicit drug use. A researcher found the database on July 1, attempted email and phone contact, escalated to AWS on July 25, and public access was removed on July 26. UpGuard secured the database to prevent further public exposure.

DSCC S3 Misconfiguration Exposed 6.2M Email Addresses

🔓 UpGuard researchers discovered an Amazon S3 bucket tied to the Democratic Senatorial Campaign Committee exposing a 145MB zip file that contained a CSV of roughly 6.2 million email addresses. The unprotected bucket granted global authenticated FULL_CONTROL, allowing anyone with a free AWS account to access or modify contents. The file, last modified in 2010 and named EmailExcludeClinton.csv, appears to be an exclusion list and includes consumer, .edu, .gov, and .mil domains. UpGuard notified DSCC and the bucket was secured the following day.

AggregateIQ Code Leak Exposes Political Targeting Tools

🔓 UpGuard disclosed that a large GitLab repository belonging to AggregateIQ was publicly accessible, exposing source code, configuration files, and numerous credentials. The leak included applications and tools — notably projects named Ripon_canvas and Ripon_dialer — designed to manage voter databases, microtargeting, canvassing, and automated outreach. Credentials for Facebook apps, Twilio, AWS, and other services were present, raising the risk of account takeover and large-scale data harvesting. UpGuard linked the repository to work for US campaigns and reported ties to Cambridge Analytica, with further technical analysis promised in subsequent reports.

Amazon Engineer Exposed Credentials in Public GitHub Repo

⚠️ UpGuard identified on 13 January 2020 a public GitHub repository containing sensitive material tied to an Amazon Web Services engineer. The repo, roughly 954 MB when downloaded, included personal identity documents, bank statements, log files, AWS key pairs (including a file labeled rootkey.csv), private keys, passwords and third-party API tokens. UpGuard analysts detected the exposure within half an hour, notified AWS Security early that afternoon, and the repository was taken out of public view the same day. Rapid detection and remediation appear to have prevented escalation; there is no evidence of malicious intent or end-user data compromise.

Open Enrollment: HCL Exposed Passwords and Projects

🔓 During a routine data-leak investigation, UpGuard researchers discovered multiple publicly accessible HCL web pages that exposed employee records, plaintext passwords for new hires, and detailed project installation reports. The exposed assets spanned HR dashboards, a SmartManage reporting interface, and recruitment/admin panels across several subdomains. After notifying HCL’s Data Protection Officer, the researcher confirmed that the publicly accessible pages were secured. The incident highlights how inconsistent access controls across applications can cause significant risk.

LA County 211 Data Leak Exposes Sensitive Call Records

⚠️ UpGuard disclosed a public data exposure affecting the Los Angeles County 211 helpline. An Amazon Web Services S3 bucket was configured for public access and contained database backups and CSV exports, including a 1.3GB t_contact export with records from 2010–2016. Exposed items included credentials (384 users, MD5-hashed passwords), contact lists, and over 200,000 detailed call notes describing abuse, suicidal ideation, addresses, phone numbers, and 33,000 Social Security numbers. After notification in March–April 2018 the bucket was secured within 24 hours, but the incident highlights critical cloud misconfiguration risks.

Robotics Vendor Leak Exposed Manufacturing Secrets Worldwide

🔒 The UpGuard Cyber Risk team found an open rsync server owned by Level One Robotics that exposed 157 GB of files for more than 100 manufacturing customers, including major automakers. Exposed materials included factory CAD schematics, robotic configurations, NDA texts, VPN and badge request forms, employee ID scans, and corporate financial records. After notification, Level One closed the exposure promptly.

Public S3 Leak Exposed 1.86M Chicago Voter Records

🔓 UpGuard’s Cyber Risk Team discovered a publicly accessible AWS S3 repository tied to Election Systems & Software (ES&S) that contained multiple backups and a 12 GB MSSQL database. The data set included about 1.864 million Chicago voter records with names, addresses, dates of birth, phone numbers, driver’s license numbers and partial Social Security numbers. The bucket, labeled “chicagodb,” was found on August 11, 2017; ES&S was notified and the exposure was secured by August 12, 2017. This incident highlights vendor misconfiguration risk and the need for rigorous vendor risk management and configuration checks.

Medcall S3 Misconfiguration Exposed Patient Medical Records

🔓 An UpGuard analyst discovered an unsecured Amazon S3 bucket belonging to Medcall Healthcare Advisors that publicly exposed roughly 7 GB of sensitive data. The datastore included intake PDFs, audio and video recordings of patient-operator-doctor calls, and CSV files containing full Social Security numbers and other PII. The bucket's ACL granted 'Everyone - Full Control', allowing anonymous read/write access and permission changes. Medcall closed the bucket after notification on August 31.

ISP Exposes Admin Credentials via Misconfigured S3 Bucket

🔒 The UpGuard Cyber Risk team discovered a 73 GB dataset belonging to Washington ISP Pocket iNet publicly exposed in a misconfigured Amazon S3 bucket named pinapp2. The exposed files included plain text administrative passwords, AWS access keys, network diagrams, device configurations, inventories, and photographs of physical infrastructure. UpGuard notified Pocket iNet on discovery (October 11, 2018); the bucket remained exposed for seven days and was secured on October 19 after repeated contact. The incident highlights the dangers of storing secrets in public object storage and recommends using secrets managers, encryption, and hardened S3 ACLs.

TigerSwan S3 Exposure: Thousands of Resumes Leaked

🔓 UpGuard's Cyber Risk Team discovered an Amazon S3 bucket named "tigerswanresumes" that was publicly accessible, exposing 9,402 resumes and application documents submitted to TigerSwan. The files contained contact details, work histories, and sensitive identifiers — including passports, partial Social Security numbers, driver’s license numbers, and 295 resumes claiming Top Secret/SCI clearances. UpGuard notified TigerSwan and followed up repeatedly; the bucket remained accessible for roughly a month before it was secured. TigerSwan said the exposure resulted from a former recruiting vendor.

Maryland JIA NAS Misconfiguration Exposes PII, Credentials

🔒 The UpGuard Cyber Risk Team discovered a publicly exposed, misconfigured NAS belonging to the Maryland Joint Insurance Association (JIA) that contained backup customer and operational files. The repository included full Social Security numbers, bank account and check images, insurance policy data, and plaintext administrative credentials including remote access and third-party ISO ClaimSearch logins. UpGuard notified JIA on discovery; the exposure was secured and is no longer active.

Misconfigured Amazon S3 Exposed Tea Party Campaign Data

🔓 On August 28, 2018 the UpGuard Cyber Risk team discovered a publicly readable Amazon S3 bucket named tppcf containing roughly 2GB of campaign files belonging to the Tea Party Patriots Citizens Fund (TPPCF). The data included call lists with full names and phone numbers for about 527,000 individuals, along with strategy documents, call scripts, and marketing assets. UpGuard notified TPPCF on October 1; permissions were briefly set to allow global authenticated users and then removed by October 5. The incident illustrates how cloud misconfiguration can expose sensitive political microtargeting data and create significant privacy risks.

Leakzone Elasticsearch Exposure Reveals Visitor IP Logs

🔎 UpGuard discovered an unauthenticated Elasticsearch index containing roughly 22 million web-request records, of which about 95% referenced leakzone.net. The logs included client IP addresses, destination domains, request sizes, geolocation data and ISP metadata, spanning June 25 to discovery on July 18, with about one million requests per day. Analysis found extensive use of public proxies and clustered VPN exit nodes, alongside many one-off IPs likely representing direct users. The dataset raises privacy and operational concerns for visitors, service operators, and investigators.

Public Exposure of Tetrad Consumer Data Sets in S3

🔓 UpGuard Research discovered a publicly accessible Amazon S3 bucket containing detailed consumer data attributed to Tetrad, including files derived from Experian Mosaic, Claritas/PRIZM, and client-supplied datasets covering over 120 million U.S. household records. The exposure included full names, addresses, gender, Mosaic codes, and retailer account and purchase information. UpGuard notified Tetrad in early February and, after repeated contact, the company removed public access and secured the bucket. The dataset's breadth raises significant privacy and targeted-risk concerns for individuals and communities.

Neoclinical Database Exposed Sensitive Health Data

🔒 UpGuard researchers discovered a publicly accessible MongoDB database belonging to Neoclinical, exposing profiles for 37,170 users in Australia and New Zealand. Records included names, contact details, geocoordinates, dates of birth and structured health-screening answers that revealed diagnoses and treatments. UpGuard notified the company and AWS; access was removed on July 26. The exposure underscores the need for proper access controls and rapid incident response.

AggregateIQ GitLab Leak Reveals Political Targeting Tools

🔓 The UpGuard Cyber Team discovered a publicly accessible GitLab repository belonging to AggregateIQ that exposed code, tools, and credentials used in political data operations. The leak includes an apparent campaign platform called Ripon, state configuration files, voicemail scripts, and integrations for services like Twilio and Facebook. Exposed keys, tokens, and AWS credentials raise risks of misuse and highlight ties between AIQ and Cambridge Analytica that warrant further investigation.

Understanding Why Your Personal Data Is So Valuable

🔒 In this episode of Unlocked 403, host Becks and ESET Global Security Advisor Jake Moore examine how everyday online activity becomes a marketable commodity. They explain how social media, apps and websites harvest, analyze and monetize both first- and third-party data, and why metadata often reveals more than expected. The conversation highlights risks for children and the long-term consequences of pervasive collection. Jake shares practical tips for tightening app privacy settings, limiting permissions and embracing data minimization to better protect personal information.

Rsync Misconfiguration Exposes Over One Million Leads

🔓 A publicly accessible rsync repository tied to Blue Chair LLC subsidiaries, including Target Direct Marketing and Gragg Advertising, exposed backups and web configuration files containing personally identifiable information for over one million people. The leak included MySQL backups (≈5 GB) with a peg_historical table listing names, addresses, emails, phone numbers and education details. Gragg Advertising moved quickly after notification and secured the service within an hour, but the incident underscores risks from misconfigured rsync services and weak data retention practices.