Ghana govt agency exposed 700k citizens’ data in a database mess up

Ghana’s National Service Secretariate – NSS – exposed 55GB worth of citizens’ data when an AWS S3 bucket used by the Secretariate suffered misconfiguration.

VPNMentor’s cybersecurity researchers Noam Rotem and Ran Locar reported that Ghana’s National Service Secretariate – NSS – suffered a massive database misconfiguration that exposed data of up to 700,000 citizens from across the country, amounting to 55GB of data.

Researchers believe this breach poses a great risk for the Ghanian government officials associated with the agency and thousands of its citizens. The exposed database was discovered on 29 September 2021, and NSS and CERT-GH were notified between 6th and 12th October 2021.

What is NSS?

NSS is basically a government program that manages a compulsory year of public service for Ghana-based graduates from specific educational institutions. Thousands of students join this program every year to work in different public sectors such as healthcare.

How the NSS Got Attacked?

According to VPNMentor’s report, the NSS was using Amazon Web Services (AWS), where it stored over 3 million files from its different programs. Some of the files in the cloud storage account were password-protected, most of the files were still exposed to public access as well

Read More: