Debt Collection: How an Unsecured ElasticSearch Instance Exposed Thousands of Borrowers
UpGuard can now report an ElasticSearch instance used as data storage for the debt collection system ENCollect has been secured. The server contained data about loans from multiple Indian and African financial services companies that had apparently been sent to ENCollect for collection. The data totalled 5.8GB in storage size and contained a total of 1,686,363 records. Those records included personal information like name, loan amount, date of birth, account number, and more.
Student Applications: How an Education Software Company Exposed Millions of Files
UpGuard can now report that a public Google Cloud Storage bucket containing approximately 1.5 terabytes of data used to administer funding programs for college students has been secured. The bucket belonged to SmarterSelect, a company that provides software for managing the application process for scholarships, grants, and awards. The more than 2.8 million files included documents like transcripts, resumes, personal essays, tax returns, and invoices for approximately 1.2 million applications to funding programs.
By Design: How Default Permissions on Microsoft Power Apps Exposed Millions
38 million records were exposed in multiple data leaks resulting from misconfigured Microsoft Power Apps portals. Data included sensitive information such as COVID-19 contact tracing data, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses.
Sign up to our newsletter
Get the latest curated cybersecurity news, breaches, events and updates in your inbox every week.
Free instant security score
How secure is your organization?
Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
- Instant insights you can act on immediately
- Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities