Expert Reaction On News: New Zealand Property Management Company Leaks 30,000 Users' Personal Data

Date: 2020-07-16

It has been reported that a security researcher has discovered an unsecured Amazon Simple Storage Service (S3) database containing more than 31,000 images of users’ passports, driver’s licenses, evidence of age documents, and more. These files are publicly accessible to anyone who has the URL, and the bucket appears to be owned by the Wellington, New Zealand company LPM Property Management. This particular bucket seems to host images from LPM’s service. Of the 31,610 files contained in the database, only 15 are not images.

The files include:

  • Passports, both expired and active, both from New Zealand and abroad
  • Driver's licenses with ID numbers, donor statuses, addresses, DOBs, and full names
  • Evidence of age documents
  • Applicant pictures
  • Images of damaged property (labeled “maintenance requests”)

EXPERTS COMMENTS
Paul Bischoff, Privacy Advocate, Comparitech
July 16, 2020
A virtual machine might be suitable so long as it's set up in a secure way.
Sometimes it's hard to avoid using tax software in countries where there are no secure alternatives, the law is unfamiliar, and there are language barriers. I recommend any company that insists on using Chinese tax software do so on an isolated device with no access to the company's network or other resources. A virtual machine might be suitable so long as it's set up in a secure way. This way, if ....
Chris Hauk, Consumer Privacy Champion, Pixel Privacy
July 16, 2020
Networks need to be segmented to control who has access to them.
Another day, another unsecured Amazon S3 database. Incidents such as this will continue to occur until developers and database administrators learn the importance of securing their files, keeping them away from prying eyes. As bad actors are constantly on the lookout for unsecured databases that use Amazon's services, it is quite likely that this exposed data has been gleaned by the bad guys. It i ....
Javvad Malik, Security Awareness Advocate, KnowBe4
July 16, 2020
Unsecured databases like AWS S3 ones are an ever-increasing challenge for many organisations.
Unsecured databases like AWS S3 ones are an ever-increasing challenge for many organisations. While these databases make it extremely easy and convenient for organisations to collect and store data, one small change and a private database could end up publicly exposed. If this is not something the organisation is looking for, then they are almost certainly not monitoring logs to detect any unautho ....
Tim Mackey, Principal Security Strategist, Synopsys CyRC
July 16, 2020
These security reviews help avoid the reputational damage that is an inevitable result from a data breach
Cloud storage solutions are convenient and cost-effective, but we must not forget that proper configuration of any cloud service means configuring components, like S3 buckets, securely. Securely in this context implies that a review of the security requirements for the data stored, but also ensures that regulations like the Privacy Act 2020 are respected. If an organisation is struggling to unders ....
