Whether caused by accident or by an intrusion, data breach incidents affect an organization in multiple ways. Leaked data can create severe security risks if threat actors misuse or abuse it. Cybersecurity researchers from WizCase, a web security platform, recently uncovered a massive data breach affecting 80 U.S. municipalities.
One Target, Multiple Victims
As per the investigation, the data breach affected users in over 100 U.S. cities that used “mapsonline.net” from the web service provider, PeopleGIS, to manage user information. PeopleGIS had reportedly stored the data of users in several misconfigured Amazon S3 buckets without proper encryption, exposing it to open access. The exposed information includes citizens’ addresses, contact details, IDs, photographs of individuals, photographs of properties, building and city plans, driver license numbers, tax documents, and other sensitive data.
Out of 114 buckets, 28 appeared to be properly configured, and 86 were accessible without any authentication, accounting for 1000 GB of data and over 1.6 million files.
“Some of the vulnerable documents were redacted, but they were digitally redacted using transparent tools like a marker. This means whoever found them could change the contrast level of the document in a photo editor and see the redacted information. This means even documents that were redacted were potentially vulnerable in this breach,” WizCase said.
While the number of users impacted in the incident is unknown, PeopleGIS stated it secured the vulnerable buckets immediately after WizCase reported the issue.
Reason Behind Misconfiguration
WizCase’s investigation identified several reasons why the buckets could have ended up exposed online. PeopleGIS handed the buckets over to the municipalities without proper configuration. As a result, the buckets were configured by different employees with no clear guidelines on the configuration, and some were configured by the municipalities themselves with PeopleGIS guidelines.
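With many buckets configured by different people, a uniform audit of each bucket's settings catches both problems described above: anonymous access and missing encryption. The following is an added example, not code from WizCase or PeopleGIS. It evaluates constructed configuration snapshots; the snapshot layout and the `EncryptionRules` key are assumptions, while `Grants`, `Policy` and the `PublicAccessBlock` flags use the field names S3 returns.

```python
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

def _anonymous_principal(principal):
    # "*" or {"AWS": "*"} (string or list) means anyone, including unauthenticated callers.
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return aws == "*" or (isinstance(aws, list) and "*" in aws)

def audit_bucket(cfg):
    """Return a sorted list of findings for one bucket configuration snapshot."""
    findings = set()
    pab = cfg.get("PublicAccessBlock") or {}
    # A public ACL grant is effective unless IgnorePublicAcls is on.
    if not pab.get("IgnorePublicAcls"):
        for grant in cfg.get("Grants", []):
            if grant.get("Grantee", {}).get("URI") == ALL_USERS:
                findings.add("public-acl:" + grant["Permission"])
    # A public policy is effective unless RestrictPublicBuckets is on.
    # Simplification: any Condition block is treated as restricting access.
    if not pab.get("RestrictPublicBuckets"):
        policy = json.loads(cfg["Policy"]) if cfg.get("Policy") else {}
        statements = policy.get("Statement", [])
        for st in [statements] if isinstance(statements, dict) else statements:
            if (st.get("Effect") == "Allow" and not st.get("Condition")
                    and _anonymous_principal(st.get("Principal"))):
                findings.add("public-policy")
    if not cfg.get("EncryptionRules"):
        findings.add("no-default-encryption")
    return sorted(findings)

# Constructed sample snapshots (not data from the incident).
SAMPLES = {
    "open-acl": {"Grants": [{"Grantee": {"URI": ALL_USERS}, "Permission": "READ"}]},
    "open-policy": {"Policy": json.dumps({"Statement": [{
        "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*"}]}),
        "EncryptionRules": [{"SSEAlgorithm": "AES256"}]},
    "locked": {"Grants": [{"Grantee": {"URI": ALL_USERS}, "Permission": "READ"}],
               "PublicAccessBlock": {"IgnorePublicAcls": True,
                                     "RestrictPublicBuckets": True},
               "EncryptionRules": [{"SSEAlgorithm": "aws:kms"}]},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, audit_bucket(cfg) or "ok")
```

The "locked" sample shows why the account or bucket level Public Access Block matters: the same public ACL grant that exposes "open-acl" is neutralized there.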
Data Breach Impact
Most of the exposed data is supposed to be accessed only by government authorities; however, this data leak could affect the residents of the municipalities in different ways. The personally identifiable information (PII) exposed in the breach could allow cybercriminals to launch various cyberattacks, including phishing, financial fraud, identity theft, and file manipulation attacks. They may also encrypt files in the bucket storage and demand a ransom.