Over 1TB of confidential US company data accidentally exposed

News
By published

Even redacted details could potentially be uncovered, experts warn

Data leak
(Image credit: Shutterstock/dalebor)

Cybersecurity researchers have helped seal a breach that exposed millions of documents of US businesses stored in misconfigured Amazon S3 buckets.

Data breach watchdogs WizCase ran across over eighty such misconfigured cloud storage data silos that exposed data totaling over a terabyte.

According to redacted versions of the files seen by TechRadar Pro, the documents include real estate tax information about businesses, along with photographs of the properties, as well as the building and city plans from various municipalities, mostly in the state of Massachusetts.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window <<

“The breach could lead to massive fraud and theft from citizens of those municipalities. The highly-sensitive nature of the data contained within a local government’s database, from phone numbers to business licenses to tax records, are highly susceptible to exploitation by bad actors,” suggests WizCase in a blog post sharing details about the misconfigured buckets.

Images of redacted documents shared by WizCase

(Image credit: WizCase)

Mapping the source

WizCase says its researchers noticed that the name of the misconfigured buckets suggested they were used by the same software, which led them to the Massachusetts-based information management software developer, PeopleGIS.

In addition to business licenses, the silos also contained several pieces of personally identifiable information (PII) in residential records such as deeds, tax information, and resumes for applicants to government jobs.

Images of redacted documents shared by WizCase

(Image credit: WizCase)

“Some of the vulnerable documents were redacted, but they were digitally redacted using transparent tools like a marker. This means whoever found them could change the contrast level of the document in a photo editor and see the redacted information,” suggests WizCase.

In all, WizCase researchers could access 86 S3 buckets without having to contend with any password or encryption. PeopleGIS has since secured the buckets, once WizCase alerted them about the misconfiguration.

TOPICS
Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Stress
Time tracker tool spilled details on remote workers - millions of screenshots leaked
A man looking at a tablet with a brown Best Buy package on the desk in front of him
Huge Christmas data breach - 14 million shipping records leaked, putting shoppers at risk
Security padlock and circuit board to protect data
Foh&Boh data leak leaves millions of CVs exposed - KFS, Taco Bell, Nordstrom applicants at risk
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
Data leak
German cloud service provider exposes entire Georgian country population - millions of personal data files leaked
Data Breach
Thousands of widely-used public workspaces are leaking data
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Google Gemini AI
Gemini can now see your screen and judge your tabs
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ugreen \00d7 Genshin Impact Kinich Collectible Gift Box and exclusive Genshin Impact merchandise.

Ugreen reveals exclusive Genshin Impact collection and they're some of the most eye-catching charging products I've ever used
See more latest
Most Popular
Ugreen \00d7 Genshin Impact Kinich Collectible Gift Box and exclusive Genshin Impact merchandise.
Ugreen reveals exclusive Genshin Impact collection and they're some of the most eye-catching charging products I've ever used
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Google Gemini AI
Gemini can now see your screen and judge your tabs
iFi iDSD Valkyrie in gold, on a beige desk
iFi's iDSD Valkyrie DAC wants to guide your music to the great hall of Valhalla
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited