Over 54,000 scanned NSW driver's licences found in open cloud storage
Personal data is leaking everywhere. Russia, Europe, USA... Now Australia. Personal data of more than 50 thousand car owners from New South Wales were discovered in the public domain by Bob Diachenko from Security Discovery as part of another data leak investigation.
He accessed a folder containing 108,535 files of driver's license scans (scans from different sides, so that just over 54,000 Australians were affected), as well as official declarations of toll collection for road and maritime services. It was also possible to find a completed toll declaration form for the company with details such as date of birth and phone number of the person who filled it out. All documents related to the New South Wales area, and there was no indication of who might be the owner of the data.
Diachenko shared the list of directories, which included files with dates for September and October 2018.
Initial information indicates the exposed AWS S3 bucket is not related to Transport for NSW or any government system," the spokesperson said.
Instead, TfNSW suggested an unspecified third-party might be responsible for the data leak.
However, officials have already started their own investigation into the incident. They also noticed that with all the precautions taken by state companies, "third parties regularly request information about driving licenses as part of their business practices.
After discovering the license database, Diachenko contacted the Have I Been Pwned data hack notification service, which in turn notified the Australian Cyber Security Centre. The companies contacted the AWS, and the open cloud was shut down an hour or two after the announcement. Whether it will be possible to identify the perpetrator of the leak and the owner of the base, time will show. For the time being, Transport for NSW offers affected Australians to seek help. And maybe get new driver's licenses.
Is useful article?