Data Leak Exposes IDs of Airport Security Workers
A cloud misconfiguration at a leading security services multinational has exposed the details of countless airport staff across South America, according to a new report.
A team at AV comparison site Safety Detectives found an Amazon Web Services S3 bucket wide open without any authentication required to view the contents. After notifying the owner, Swedish security giant Securitas, on October 28 2021, the firm secured the database a few days later on November 2.
Inside the 3TB trove, the researchers found personally identifiable information (PII) on Securitas and airport employees dating back to November 2018.
At least four airports across Peru (Aeropuerto Internacional Jorge Chávez) and Colombia (El Dorado International Airport, Alfonso Bonilla Aragón International Airport, and José María Córdova International Airport) are impacted.
Safety Detectives is not sure exactly how many workers are affected, but claimed the S3 bucket contained around 1.5 million files.
These include photos of ID cards featuring full names, occupations and national ID numbers, as well as other miscellaneous photos of employees, planes, luggage and more. The bucket was apparently live and being updated at the time of its discovery.
If found by threat actors, the database could have enabled not only follow-on identity fraud and scams, but far more serious criminal acts, Safety Detectives warned.
“Photos of IDs and employees could allow criminals to impersonate various members of staff – employees that can gain access to restricted areas of the airport, such as luggage-loading areas and even planes,” it said.
“Criminals could even use leaked data to create counterfeit ID cards and badges. A criminal could further strengthen their appearance as a legitimate employee by downloading leaked mobile apps.”
Colombia in particular has a history not only of serious organized crime but also guerrilla warfare groups plotting to destabilize the country.
More Stories
How Confidence Between Teams Impacts Cyber Incident Outcomes
Infosecurity recently joined an Immersive Labs Cyber Drill to experience how organizations can enhance their preparedness through training and simulations...
New MedusaLocker Ransomware Variant Deployed by Threat Actor
Cisco Talos has observed the financially motivated threat actor targeting organizations globally with a MedusaLocker ransomware variant called “BabyLockerKZ” Read...
Sellafield Fined for Cybersecurity Failures at Nuclear Site
A UK court has fined Sellafield Ltd £332,500 for cybersecurity failings related to the running of the Sellafield nuclear facility...
Sellafield nuclear site hit with £332,500 fine after “significant cybersecurity shortfalls”
The UK's Sellafield nuclear waste processing and storage site has been fined £332,500 by regulators after its IT systems were...
CRI Releases Guidance on Avoiding Ransomware Payments
The Counter Ransomware Initiative has released new guidance discouraging organizations from making ransomware payments Read More
Litespeed Cache Plugin Flaw Allows XSS Attack, Update Now
The new LiteSpeed Cache flaw (CVE-2024-47374) allows unauthenticated code injection across more than six million active installations Read More