Data Leak Exposes IDs of Airport Security Workers

Data Leak Exposes IDs of Airport Security Workers

A cloud misconfiguration at a leading security services multinational has exposed the details of countless airport staff across South America, according to a new report.

A team at AV comparison site Safety Detectives found an Amazon Web Services S3 bucket wide open without any authentication required to view the contents. After notifying the owner, Swedish security giant Securitas, on October 28 2021, the firm secured the database a few days later on November 2.

Inside the 3TB trove, the researchers found personally identifiable information (PII) on Securitas and airport employees dating back to November 2018.

At least four airports across Peru (Aeropuerto Internacional Jorge Chávez) and Colombia (El Dorado International Airport, Alfonso Bonilla Aragón International Airport, and José María Córdova International Airport) are impacted.

Safety Detectives is not sure exactly how many workers are affected, but claimed the S3 bucket contained around 1.5 million files.

These include photos of ID cards featuring full names, occupations and national ID numbers, as well as other miscellaneous photos of employees, planes, luggage and more. The bucket was apparently live and being updated at the time of its discovery.

If found by threat actors, the database could

Read More: https://www.infosecurity-magazine.com/news/data-leak-exposes-personal-details/