Data leak- Thousands of US defense contractors’ data leaked !
A digital consultancy firm accidentally leaked personal information of thousands of defense contractor employees of United States due to A misconfiguration in cloud infrastructure .
IMGE, a Washington DC based firm unintentionally revealed personal data like names, phone numbers, home and email addresses of more than 6000 Boeing staff as reported by The Daily Post.
The employees whose data was leaked included defence staff, government relations staff, senior executives and even those who worked on prototyping unit on highly sensitive technologies.
“This information was exposed as a result of human error by the website’s vendor,” a Boeing spokesperson told the news site. “Boeing takes cybersecurity and privacy seriously and we require our vendors to protect the data entrusted to them. We are closely monitoring the situation to ensure that the error is resolved quickly.”
The data was collected by IMGE from a website called Watch US Fly, with the idea – “advancing and protecting American aerospace and manufacturing.” The website asks its users for contact details for future campaigns. The Daily Post reports that, Chris DeRamus, CTO of DivvyCloud, explained that cloud misconfigurations like this are increasingly common as many users aren’t familiar with cloud security settings and best practices.
“It is especially concerning that the database contained information about 6,000 Boeing employees, many of whom are heavily involved with the US government and military, as the exposed data is more than enough information for cyber-criminals to launch highly targeted attacks against those impacted to gain more confidential government information,” he added.
“Companies who manage large amounts of sensitive data, especially data related to government and military personnel, need to be proactive in ensuring their data is protected with proper security controls. Companies must adopt robust security strategies that are appropriate and effective in the cloud at the same time they adopt cloud services – not weeks, months, or years later.”