Security News > 2020 > March > Financial Services Firms Exposed 500,000 Sensitive Documents
Researchers say two financial services companies have exposed over 500,000 sensitive legal and financial documents by storing them in an unprotected AWS S3 bucket.
VpnMentor's research team discovered the exposed database in December 2019.
When vpnMentor's attempts to alert the firms failed, it decided to notify AWS directly, which removed access to the database within two days.
The more than 500,000 exposed documents, totaling 425Gb of data, included credit reports, contracts, bank statements, driver's licenses, legal paperwork, tax returns, purchase orders, transaction reports for payment cards and merchant accounts, social security information, and access information for bank accounts.
Malicious hackers could have also leveraged the exposed data to launch attacks against the two companies, researchers said.