Disregard by a third-party contractor exposed the personal information of approximately 50,000 Australian workers online.A Polish security researcher who uses the moniker “Wojciech” conceive ofed the information while searching for open Amazon S3 buckets. The details be attached to 48,270 employees of Australian government agencies, banks, and a utility. Surrounded by them, insurer AMP was perhaps the hardest hit; the misconfiguration exposed 25,000 of its workers’ information including their names, passwords, phone numbers, and in some containers their credit card numbers. 17,000 staff members from utility UGL were also casualties of the breach.It appears the misconfiguration originated from a single third-party contractor. Nobody of the affected companies have named that entity at this together. That has not prevented some from confirming the exposure, however.In really, a spokesperson for AMP did just that in a statement provided to iTnews:“The mistake was at once corrected once identified and the matter investigated to ensure all data had been separate. No customer data was compromised at any time. AMP treats data security very much seriously and has strict policies in place regarding the handling of data with third crew vendors. We are reviewing the situation to ensure standards are maintained.”
AMP, UGL, and others are currently manipulating with the Australian Cyber Security Centre (ACSC) and the external contractor to mechanism “effective response and support arrangements.” The ACSC first learned of the gulf in early October. Subsequently, it contacted the contractor and assisted them in buy off the misconfiguration.This security incident appears to be the second largest evidence breach in Australia’s history after a partner of Red Cross Blood Utility accidentally published a 1.74 GB trove of 550,000 Australian blood givers’ information online. The leaked details included their names, email orations, phone numbers, physical addresses, and other data pertaining to their Red Go across donor histories.Given the risks posed by an unsecured S3 bucket, it’s high-level that organizations take steps to secure all their data on the Amazon Web Air forces (AWS) platform. Here are a few tips to get them started.