Breast Cancer Charity Exposed Sensitive Images of U.S. Patients

The Ardmore, Pennsylvania-based cancer charity Breastcancer.org suffered a massive data loss impacting thousands of its registered users.

The IT security researchers at SafetyDetectives identified a misconfigured Amazon S3 bucket that was left publicly available without any safety protocols in place. Further probe revealed Breascancer.org, a US-based charity, owned the bucket.

The bucket was identified on 11 November 2021, and the files stored dated back to April 2017, while filenames suggested some images dated back to 2014 and 2017.

SafetyDetectives informed Breastcancer.org about the exposed bucket on 17 November 2021 and again on 21 November 2021. Later, the US Computer Emergency Response Team (CERT) was notified about the misconfigured bucket.

The unfortunate incident resulted in the exposure of thousands of files to the public, including sensitive images of the charity’s website users. It is worth noting that Amazon doesn’t manage this bucket, and therefore, the misconfiguration isn’t Amazon’s fault.

It shouldn’t come as a surprise since misconfigured databases is a big problem for businesses. Earlier this week, Group-IB researchers published their findings revealing that they discovered 308,000 exposed databases across the globe.

About Breastcancer.org

Breastcancer.org is a non-profit organization established in 2000 to offer the most advanced, scientifically-backed research

Read More: https://www.hackread.com/breast-cancer-charity-exposed-sensitive-images-patients/