Imagine being in the United States of America and being a customer of an online company that allows you to obtain a copy of birth and death certificates and see various personal information available on the document accessible to anyone on the Internet. This is what a UK cybersecurity company, Fidus Information Security, claims has made 752,000 birth certificate copies from an Amazon Web Services bucket.
According to the news advanced by TechCrunch this Monday, which did not come up with the company name, the bucket was not password protected, allowing anyone who knew the web address to have access to the data. Each submission differs from state to state, but the goal is always the same: to allow clients to submit a request, usually to the state health department, to obtain a copy of their historical records.
The applications contained the applicant's name, date of birth, home address and mobile number. In addition, the documents also contained historical personal information, including old addresses, family names and the reason for the request.
With 2017 orders, the bucket also integrates requests for 90,400 death certificates, but in this case they cannot be accessed or transferred. In one week the company will have added about 9,000 requests to the system, the website says, which says it has verified the data by combining names and addresses with public records.
Both the company and TechCrunch sent emails before the article was published to alert them of the exposed data, but the site ensures that in response they received only automated emails and no action was taken. When asked, Amazon explained that it would not intervene but would inform the customer.