IMGE, consulting firm based in the Washington, D.C.-area left their Amazon cloud-storage system database that contained the names, phone numbers, home addresses, and email addresses of about 50,000 individuals—including more than 6,000 employees of the U.S.’s primary aerospace and defense contractor Boeing, publicly accessible online.
The Boeing employees impacted ranged from senior executives to program managers to government-relations personnel, and even one executive at the company’s advanced prototyping arm that handles highly classified work for the U.S. government.
Leaving a database publicly accessible, unprotected without even a password, is a preventable yet common cause behind massive data leaks. Many users are not adequately familiar with the self-service nature of the cloud and may not implement proper cloud security settings and best practices, resulting in devastating data leaks, such as this incident. While the database has been removed from public view, it is unclear how long the database was left open. Regardless, threat actors could have already accessed the personally identifiable information (PII) and traded the exposed information on dark web marketplaces. It is especially concerning that the database contained information about 6,000 Boeing employees, many of whom are heavily involved with the U.S. government and military, as the exposed data is more than enough information for cybercriminals to launch highly targeted attacks against those impacted to gain more confidential government information.
Companies who manage large amounts of sensitive data, especially data related to government and military personnel, need to be proactive in ensuring their data is protected with proper security controls. Companies must adopt robust security strategies that are appropriate and effective in the cloud at the same time they adopt cloud services – not weeks, months, or years later. Automated cloud security solutions can detect misconfigurations, such as an unprotected database, in real time and trigger instant remediation, so that AWS buckets and other assets never have the opportunity to be exposed.