Thursday, December 10, 2020
  • VMRay Closes $25 Million Series B
  • The Hacker Mind Podcast: Hacking OpenWRT
  • Goodbye to Flash – if you’re still running it, uninstall Flash Player now
  • Smart DNS: Delivering the Best Subscriber Experience
  • New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Cloud Security Data Security SBN News Security Bloggers Network 

Home » Cybersecurity » Cloud Security » Insurance Software Provider Exposed Clients’ Data Stored on S3 Bucket

Insurance Software Provider Exposed Clients’ Data Stored on S3 Bucket

by David Bisson on May 30, 2018

An insurance software provider exposed clients’ sensitive data that it had stored on an Amazon Simple Storage Solution (S3) bucket.

Andrew Lech, founder of AgentRun, confirmed the breach in an email sent out to the insurance agency management software company’s clients. As quoted by ZDNet:

We were migrating to this bucket during an application upgrade and during the migration the permissions on the bucket were erroneously flipped.

At the time of discovery, the S3 bucket in question lacked password protection and was accessible to anyone. A bad actor could have therefore examined its contents, which included medical information, financial details and insurance policy documents. Many of those items contained people’s personally identifiable information (PII) including their names, addresses, dates of birth, phone numbers, Social Security Numbers, Medicare cards and even their bank checks in a few instances.

In total, the leak compromised thousands of files involving Cigna, TransAmerica, SafeCo Insurance, Schneider Insurance, Manhattan Life and Everest.

The insurance software provider closed the leaky bucket within an hour of disclosure.

AgentRun wasn’t the first victim of an S3 storage breach. In 2017, the Pentagon, Verizon, the National Federal Credit Union and others all suffered similar incidents.

To prevent a S3 storage breach, many organizations now realize the importance of evaluating the configuration settings for their S3 buckets and other cloud-based storage assets. Some methods aren’t as effective as others. Manual evaluation processes, for example, often require lots of time and resources, and they can still miss crucial gaps.

Organizations shouldn’t leave anything up to chance when it comes to their S3 buckets. Instead they should look into a solution like Tripwire’s Cloud Management Assessor that automatically checks to see if any S3 storage files are exposed.

Learn more about how Tripwire’s solution helps secure S3 buckets (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cloud/insurance-software-provider-exposed-clients-data-stored-on-s3-bucket/

May 30, 2018May 30, 2018 David Bisson Cloud, data, Latest Security News, S3
  • ← Semafone Guides Contact Centers Through Changing Regulatory Compliance Landscape
  • Network Security: FireMon Acquires Lumeta to Visualize Connections →

TechStrong TV – Live

Watch latest episodes and shows
Featured Blog

Eric Kedrosky

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

Michael Clark

Prevent Catastrophic Data Loss in the Cloud

Rich Gardner

CISO Roundtable: What We’ve Heard, and What We’re Looking Forward To

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Tips From a Hacker to Keep Smartphones Safe
Verizon Report Finds Cyber Espionage Attacks Aimed Mostly at Endpoints
Kazakhstan Spies on its People via Man-in-the-Middle Attack, Again
Targeted Cyberattacks Require Targeted Security Awareness Training
One Step Ahead: Using Threat Hunting to Anticipate the Unknown
Why You Need to Have a Risk Register to Keep Track of Cybersecurity Risks
Phishing Attacks on Your Brand are Unrelenting, AI is the Only Way to Fight Back
The Top 19 Internet of Things(IoT) Security Solutions
Add Security Events to Your Monitoring Tools
DEF CON 28 Safe Mode Aerospace Village – Allan Tart’s & Fabian Landis’ ‘Low Cost VHF Receiver’

Upcoming Webinars

Thu 10

Data Security for Contact Centers Leveraging Cloud Technologies

December 10 @ 3:00 pm - 4:00 pm
Mon 14

Issues and Answers in Cloud Security

December 14 @ 1:00 pm - 2:00 pm
Tue 15

3 Things to Get Right for Successful DevSecOps

December 15 @ 3:00 pm - 4:00 pm
Wed 16

Unsolved Problems in Open Source Security

December 16 @ 11:00 am - 12:00 pm
Wed 16

Securing Medical Apps in the Age of COVID-19: How to Close Security Gaps and Meet Accelerated Demand

December 16 @ 1:00 pm - 2:00 pm
Wed 16

Deliver your App Anywhere … Publicly or Privately

December 16 @ 3:00 pm - 4:00 pm
Thu 17

Secure Your Peace of Mind and Your Mobile App While Giving Developers Back Their Happy Coding Time

December 17 @ 11:00 am - 12:00 pm
Thu 17

Solving Kubernetes Security Challenges Using Red Hat OpenShift and Sysdig

December 17 @ 1:00 pm - 2:00 pm
Thu 17

Securing JavaScript/Go Code with Insights and Analytics

December 17 @ 3:00 pm - 4:00 pm
Jan 12

Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport

January 12, 2021 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Why Next-Gen Firewalls Miss the Mark for Today’s Remote Workforce
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

Why Next-Gen Firewalls Miss the Mark for Today’s Remote Workforce

December 10, 2020 Mike Riemer | 9 hours ago 0
Pandemic Waves Underscore Vulnerabilities in Cloud File Systems
Cloud Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

Pandemic Waves Underscore Vulnerabilities in Cloud File Systems

December 9, 2020 Edward M.L. Peters | Yesterday 0
One Step Ahead: Using Threat Hunting to Anticipate the Unknown
Cybersecurity Industry Spotlight Security Boulevard (Original) Threat Intelligence 

One Step Ahead: Using Threat Hunting to Anticipate the Unknown

December 8, 2020 Paul German | 2 days ago 0

Top Stories

Kazakhstan Spies on its People via Man-in-the-Middle Attack, Again
Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Network Security News Security Awareness Security Boulevard (Original) Spotlight 

Kazakhstan Spies on its People via Man-in-the-Middle Attack, Again

December 7, 2020 Richi Jennings | 2 days ago 0
Verizon Report Finds Cyber Espionage Attacks Aimed Mostly at Endpoints
Cybersecurity Data Security Featured Network Security News Security Boulevard (Original) Spotlight 

Verizon Report Finds Cyber Espionage Attacks Aimed Mostly at Endpoints

December 7, 2020 Michael Vizard | 3 days ago 0
Brazil Govt’s Huge Leak: Health Data of 243M
Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

Brazil Govt’s Huge Leak: Health Data of 243M

December 4, 2020 Richi Jennings | Dec 04 0

Security Humor

Via the amusing regulatory humor of Daniel Stori at turnoff.us (from the Archive, originally published in August of 2017)

Daniel Stori’s ‘AI Regulation’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2020 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.