Major Data Leak Includes PII Of Employees From U.S.’s Top Aerospace And Defense Contractor – Commentary From Cloud Security Expert

Leaving a database publicly accessible, unprotected without even a password, is a preventable yet common cause behind massive data leaks. Many users are not adequately familiar with the self-service nature of the cloud and may not implement proper cloud security settings and best practices, resulting in devastating data leaks, such as this incident. While the database has been removed from public view, it is unclear how long the database was left open. Regardless, threat actors could have already accessed the personally identifiable information (PII) and traded the exposed information on dark web marketplaces. It is especially concerning that the database contained information about 6,000 Boeing employees, many of whom are heavily involved with the U.S. government and military, as the exposed data is more than enough information for cybercriminals to launch highly targeted attacks against those impacted to gain more confidential government information.

Companies who manage large amounts of sensitive data, especially data related to government and military personnel, need to be proactive in ensuring their data is protected with proper security controls. Companies must adopt robust security strategies that are appropriate and effective in the cloud at the same time they adopt cloud services – not weeks, months, or years later. Automated cloud security solutions can detect misconfigurations, such as an unprotected database, in real time and trigger instant remediation, so that AWS buckets and other assets never have the opportunity to be exposed.