September 27, 2023

An unsecured server has exposed sensitive data belonging to airport employees across Colombia and Peru. 

The server belonging to Securitas was left unsecured, resulting in the exposure of 3TB in airport employee records. The data pertained to airport employees across Peru and Colombia. The data was exposed after Securitas left an AWS S3 bucket improperly secured, leaving one million files open on the internet for anyone to access.

The unprotected data contained information dating back to 2018. Four airports were identified in the exposed files, including El Dorado International Airport, Alfonso Bonilla Aragón Interational Airport, and Aeropuerto Internacional Jorge Chávez.

The bucket did not require any authentication to access and contained two main datasets relates to Securitas and airport employees, including ID card photos, personally identifiable information, names, photos, occupations, and national ID numbers. Photographs of airline employees performing tasks such as fueling lines and luggage handling were also in the unsecured bucket.

Advertisements

Security researchers were able to identify unstripped .EXIF data in the photographs, providing the date and time that they were taken as well as geographical location of the photograph in some cases.

Securitas engaged in conversation with the team and secured the server on the same day once it was notified about the issue.

Tags:

Leave a Reply

You may have missed

BORN Canada latest victim of MoveIT data breach

September 27, 2023

Hardware Supply Chain Risk Assessment from CISA

September 27, 2023

Sony attack – Ransomed.vc claims responsibility

September 26, 2023

Chrome Zeroday – CVE-2023-4863 PoC Exploit Released

September 25, 2023

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023
%d bloggers like this: