It was recently found out that a legal firm has accidentally leaked 15,000 cases via the cloud.
Indeed, the cases involved people killed or injured in traffic accidents between 2018 and 2020, and they were apparently made public after a cloud misconfiguration. The cases contained personally identifiable information on the victim including name, national ID number, marital status, and birth date, as well as insurance and accident details.
It was researchers at reviews site WizCase who discovered the AWS S3 bucket containing 55,000 documents wide open, which required no authorization to view. Hence, anyone with the URL could have been able to access highly sensitive personal information.
The data was traced back to İnova Yönetim, a Turkish actuarial consultancy that analyzes data so as to help calculate insurance risk and premiums. The server was then quickly secured again.
Yet, these cases might still be at risk of scams and phishing, and cybercriminals might also use the data to blackmail officials or threaten individuals.
