Over 54,000 scanned NSW driver's licences found in open cloud storage
Scanned documents were stored in Amazon Web Services S3 cloud storage. It's not clear where the data came from yet. Experts assume that the database belongs to the toll road operator.
Personal data is leaking everywhere. Russia, Europe, USA... Now Australia. Personal data of more than 50 thousand car owners from New South Wales were discovered in the public domain by Bob Diachenko from Security Discovery as part of another data leak investigation.
He accessed a folder containing 108,535 files of driver's license scans (scans from different sides, so that just over 54,000 Australians were affected), as well as official declarations of toll collection for road and maritime services. It was also possible to find a completed toll declaration form for the company with details such as date of birth and phone number of the person who filled it out. All documents related to the New South Wales area, and there was no indication of who might be the owner of the data.
Diachenko shared the list of directories, which included files with dates for September and October 2018.
Initial information indicates the exposed AWS S3 bucket is not related to Transport for NSW or any government system," the spokesperson said.
Instead, TfNSW suggested an unspecified third-party might be responsible for the data leak.
However, officials have already started their own investigation into the incident. They also noticed that with all the precautions taken by state companies, "third parties regularly request information about driving licenses as part of their business practices.
After discovering the license database, Diachenko contacted the Have I Been Pwned data hack notification service, which in turn notified the Australian Cyber Security Centre. The companies contacted the AWS, and the open cloud was shut down an hour or two after the announcement. Whether it will be possible to identify the perpetrator of the leak and the owner of the base, time will show. For the time being, Transport for NSW offers affected Australians to seek help. And maybe get new driver's licenses.
Personal data is leaking everywhere. Russia, Europe, USA... Now Australia. Personal data of more than 50 thousand car owners from New South Wales were discovered in the public domain by Bob Diachenko from Security Discovery as part of another data leak investigation.
He accessed a folder containing 108,535 files of driver's license scans (scans from different sides, so that just over 54,000 Australians were affected), as well as official declarations of toll collection for road and maritime services. It was also possible to find a completed toll declaration form for the company with details such as date of birth and phone number of the person who filled it out. All documents related to the New South Wales area, and there was no indication of who might be the owner of the data.
Diachenko shared the list of directories, which included files with dates for September and October 2018.
Initial information indicates the exposed AWS S3 bucket is not related to Transport for NSW or any government system," the spokesperson said.
Instead, TfNSW suggested an unspecified third-party might be responsible for the data leak.
However, officials have already started their own investigation into the incident. They also noticed that with all the precautions taken by state companies, "third parties regularly request information about driving licenses as part of their business practices.
After discovering the license database, Diachenko contacted the Have I Been Pwned data hack notification service, which in turn notified the Australian Cyber Security Centre. The companies contacted the AWS, and the open cloud was shut down an hour or two after the announcement. Whether it will be possible to identify the perpetrator of the leak and the owner of the base, time will show. For the time being, Transport for NSW offers affected Australians to seek help. And maybe get new driver's licenses.
Popular
05 february
Creating an AlwaysON Availability Group Based on a Failover Cluster
10 december 2020
Cloud4Y at Gitex
27 november 2020
Black Friday exclusive – get 65 off the IaaS
20 november 2020
Cloud trends for 2021
29 september 2020
Cloud4Y at ConnecTechAsia
29 september 2020
Machine Learning in the Cloud – Business Advantages
15 september 2020
FZ-152 requirements – does your company need to comply with them?
27 august 2020
Is Personal Data Safe in the Cloud
20 august 2020
How to Prepare for Roskomnadzor Inspection and Avoid Penalties
14 august 2020
Comparison: GDPR vs. Russia's Federal Law on Personal Data