• NEWS
  • INDUSTRY SPOTLIGHT
  • SECURITY BLOGGERS NETWORK
    • ANALYTICS
    • APPSEC
    • CISO
    • CLOUD
    • DEVOPS
    • GRC
    • IDENTITY
    • IDENTITY RESPONSE
    • IOT / ICS
    • THREAT / BREACHES
    • MORE
      • BLOCKCHAIN / DIGITAL CURRENCIES
      • CAREERS
      • CYBERLAW
      • HUMOR
      • MOBILE SECURITY
      • SOCIAL ENGINEERING
  • CHATS
  • LIBRARY
  • WEBINARS
© 2020 · MediaOps Inc. All rights reserved.View Non-AMP Version
  • Homepage
  • Security Bloggers Network

Insurance Software Provider Exposed Clients’ Data Stored on S3 Bucket

An insurance software provider exposed clients’ sensitive data that it had stored on an Amazon Simple Storage Solution (S3) bucket.

Andrew Lech, founder of AgentRun, confirmed the breach in an email sent out to the insurance agency management software company’s clients. As quoted by ZDNet:

We were migrating to this bucket during an application upgrade and during the migration the permissions on the bucket were erroneously flipped.

At the time of discovery, the S3 bucket in question lacked password protection and was accessible to anyone. A bad actor could have therefore examined its contents, which included medical information, financial details and insurance policy documents. Many of those items contained people’s personally identifiable information (PII) including their names, addresses, dates of birth, phone numbers, Social Security Numbers, Medicare cards and even their bank checks in a few instances.

In total, the leak compromised thousands of files involving Cigna, TransAmerica, SafeCo Insurance, Schneider Insurance, Manhattan Life and Everest.

The insurance software provider closed the leaky bucket within an hour of disclosure.

AgentRun wasn’t the first victim of an S3 storage breach. In 2017, the Pentagon, Verizon, the National Federal Credit Union and others all suffered similar incidents.

To prevent a S3 storage breach, many organizations now realize the importance of evaluating the configuration settings for their S3 buckets and other cloud-based storage assets. Some methods aren’t as effective as others. Manual evaluation processes, for example, often require lots of time and resources, and they can still miss crucial gaps.

Organizations shouldn’t leave anything up to chance when it comes to their S3 buckets. Instead they should look into a solution like Tripwire’s Cloud Management Assessor that automatically checks to see if any S3 storage files are exposed.

Learn more about how Tripwire’s solution helps secure S3 buckets (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cloud/insurance-software-provider-exposed-clients-data-stored-on-s3-bucket/

Tags: ClouddataLatest Security NewsS3
3 years ago
David Bisson

Related Post

  • Pandemic Waves Underscore Vulnerabilities in Cloud File Systems

    As the second wave of COVID-19 hits and remote work increases again, the need for…

  • When Do You ‘Exceed’ Your Authorization to Use Computer Data?

    The law is murky on what constitutes legal authorization and use of computer data In…

  • One Step Ahead: Using Threat Hunting to Anticipate the Unknown

    Threat-hunting is a way to stay one step ahead of cybercriminals, spotting unusual activity before…

Recent Posts

  • Press Releases
  • Press Releases

VMRay Closes $25 Million Series B

Digital+ Partners Leads Continuation Funding Round in Growing Automated Threat Analysis & Detection Provider, Closing its Series B Round at…

2 hours ago
  • Security Bloggers Network

The Hacker Mind Podcast: Hacking OpenWRT

For three years OpenWRT had a severe validation problem with its download package manager, until a fuzz tester found and…

2 hours ago
  • Data Security
  • Security Bloggers Network

Goodbye to Flash – if you’re still running it, uninstall Flash Player now

It’s time to say a final “Goodbye” to Flash. (Or should that be “Good riddance”?) With earlier this week seeing…

2 hours ago
  • Security Bloggers Network

Smart DNS: Delivering the Best Subscriber Experience

This is the second in a series of blog posts that discuss how smart DNS resolvers can enhance ongoing network…

3 hours ago
  • Data Security
  • SBN News
  • Security Bloggers Network

New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic

Security researchers detected a new spear-phishing attack that’s using an exact domain spoofing tactic in order to impersonate Microsoft. On…

5 hours ago
  • Security Bloggers Network

6 ways to use analytics to deliver an exceptional end-user experience: Part 3

Welcome back to the last part of our three-part blog series on how to leverage analytics to deliver an exceptional…

5 hours ago
  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement
© 2020 · MediaOps Inc. All rights reserved.View Non-AMP Version
  • t