In an incident that calls to mind multiple data breaches in the analytics and influencing industries, the UpGuard Cyber Risk Team can now report that data relating to a number of subsidiaries of Kansas City holding company Blue Chair LLC, such as lead generation company Target Direct Marketing, was left exposed online, revealing personally identifiable information for over one million individuals seeking further information about higher education. Revealed in the repository are personal details for these million individuals, including their names, email addresses, phone numbers, and, in some cases, information such as the person’s high school graduation year and area of study. Also exposed in this leak are what appear to be backups of a set of server configurations for a large network of feeder websites designed to draw consumers toward the for-profit education application process.
In a striking illustration of how cyber risk affects even the newest and most novel enterprises in the digital economy, the UpGuard Cyber Risk Team can now disclose that a cloud repository belonging to Octoly, a Paris-based brand marketing company, was left exposed, revealing a backup of their enterprise IT operations and sensitive information about thousands of the firm’s registered online personalities. The leak, which resulted from the erroneous configuration of the repository for public access, revealed the contact information and personal details of over twelve thousand influential "creators" - largely Instagram, Twitter, and YouTube personalities supplied by Octoly with beauty products, merchandise, and gaming content from the marketing firm’s industry clients, which include household names like Dior, Estée Lauder, Lancôme, and Blizzard Entertainment.
UpGuard’s Cyber Risk Team can now disclose that a data repository owned and operated by Omaha-based voting machine firm Election Systems & Software (ES&S) was left publicly downloadable on a cloud-based storage site, exposing the sensitive data of 1.8 million Chicago voters. The database, which included voter names, addresses, phone numbers, driver’s license numbers, and partial Social Security numbers, appeared to have been produced around the time of 2016 general election for the Chicago Board of Election Commissioners, an ES&S customer since 2014.
UpGuard’s Cyber Risk Team can now report that a misconfigured cloud-based file repository exposed the names, addresses, account details, and account personal identification numbers (PINs) of as many as 14 million US customers of telecommunications carrier Verizon, per analysis of the average number of accounts exposed per day in the sample that was downloaded. The cloud server was owned and operated by telephonic software and data firm NICE Systems, a third-party vendor for Verizon.
In what is the largest known data exposure of its kind, UpGuard’s Cyber Risk Team can now confirm that a misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump. The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other Republican contractors, TargetPoint Consulting, Inc. and Data Trust. In total, the personal information of potentially near all of America’s 200 million registered voters was exposed, including names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as “modeled” voter ethnicities and religions.
In what constitutes the latest in a series of blows to the US intelligence community’s reputation for stringent information security, UpGuard’s Cyber Resilience Team can now reveal the discovery by Cyber Risk Analyst Chris Vickery of a publicly exposed file repository containing highly sensitive US military data. Analysis of the exposed information suggests the overall project is related to the US National Geospatial-Intelligence Agency (NGA), a combat support and intelligence agency housed within the Department of Defense (DoD).
Whether browsing the internet on a mobile device, or maintaining dozens of servers, we place trust in the security and integrity of the systems to which we are entrusting our most valuable data. With every decision we make to trust in such systems, we expose ourself a bit more to the risk that a breach might compromise this information. With every permission granted, every personal detail entered, you open yourself up a bit more to such a possibility. This is cyber risk: a fact of life in the world of today, endemic to any activity relying on internet-facing technology.