Organizations handling highly sensitive data belonging to U.S. residents are not doing enough to protect their customers’ personal information, as a recent discovery illustrates.
A group of pen testers have found more than a quarter of a million applications for copies of birth certificates on an Amazon Web Services (AWS) storage bucket left wide open to anyone who guesses the URL. TechCrunch verified the data by matching it against public records. The bucket was not protected with a password, which led to the discovery by the UK-based penetration testing firm.
