Amazon AWS Cloud Data Leak: Thousands of US Military, Intelligence Files Exposed
The sensitive personal files of thousands of U.S. military and intelligence personnel stored on an Amazon Web Services (AWS) website were exposed publicly last month, according to cyber resilience platform provider UpGuard. Among these files were hundreds claiming “Top Secret” U.S. government security clearances.
Approximately 9,402 records from resumes and applications for employment submitted for positions with North Carolina-based private security firm TigerSwan were publicly accessible on a website hosted by AWS, UpGuard said in a prepared statement. These files contained applicants’ names, home addresses, phone numbers, email addresses, driver’s license numbers and other personal information.
TigerSwan noted the affected site was controlled by TalentPen, a former recruiting vendor. The company pointed out that AWS informed TalentPen about the security issue sometime in August, and TalentPen removed the resume files on August 24. However, TalentPen did not notify TigerSwan about the incident.
“We take information security very seriously, especially in this instance, because a majority of the resume files were from veterans,” TigerSwan CEO Jim Reese said in a prepared statement. “To our colleagues and fellow veterans, we apologize. The situation is rectified and we have initiated steps to inform the individuals affected by this breach.”
TigerSwan has confirmed there was no breach of its server and reached out to AWS to learn more about the incident, according to the company. Also, TigerSwan is exploring all recourse and options available to those who may have been affected.
More AWS Data Leaks: Time Warner, WWE, Verizon and Dow Jones
TigerSwan’s data leak is one of several incidents to affect AWS cloud users.
The repository that stored Time Warner customer records was configured to allow public access, Kromtech reported. This enabled anyone with an internet connection to access sensitive Time Warner customer documents. “This leak shows once again just how insecure data can be when the improper security settings are used,” Kromtech said in a prepared statement.
There are currently more than 1 million AWS users worldwide, enterprise and DevOps consultancy Contino indicated. The majority of AWS users are small and medium-sized businesses (SMBs), Contino stated, and enterprises make up roughly 10 percent of users.