Over 750,000 US Birth Applications have been leaked online due to negligence of the online company that handled the procedure. The breach contains applications ranging from 2017 to 2019.
US Birth Applications Leaked Online due to Negligence
More than 750,000 US birth applications were found in an Amazon Web Services Storage Bucket. The bucket was not encrypted nor hidden from the public, open Web. The information had present from late 2017 to this current year. The AWS Storage also had 90,400 death certificate applications, which were fortunately encrypted.
The data dump was discovered by a penetration testing company called Fidus Information Security. The company has said that the data dump was easy to find as the link was open to all. The company has said that the database was updated daily, and almost 9,000 records were added this week.
That application process is different by state but carried out the same task: allowing customers to apply to the record-keeping authority of their state, usually the health department of a country, to obtain a copy of their historical records. The applications we checked included the name of the applicant, date of birth, current home address, email address, telephone number, and personal historical information, including past addresses, family member names, and the justification for the request, such as applying for a passport or studying family history.
The company has not responded to any emails by the security company and have only received automated emails. This breach is a significant embarrassment for the company that has not been named due to privacy reasons. Amazon has said that it has informed its client about the issue and has denied making any changes to it.