The SafetyDirectives cybersecurity team reported on Monday that a server belonging to Securitas was left unsecured, resulting in the exposure of 3TB in airport employee records. Securitas is based in Stockholm, Sweden and provides on-site guarding, electronic security solutions, fire and safety services, and risk management services. The data pertained to airport employees across Peru and Colombia. The data was exposed after Securitas left an AWS S3 bucket improperly secured, leaving one million files open on the internet for anyone to access. The unprotected data contained information dating back to 2018. Four airports were identified in the exposed files, including El Dorado International Airport, Alfonso Bonilla Aragón Interational Airport, and Aeropuerto Internacional Jorge Chávez.
The bucket did not require any authentication to access and contained two main datasets relates to Securitas and airport employees, including ID card photos, personally identifiable information, names, photos, occupations, and national ID numbers. Photographs of airline employees performing tasks such as fueling lines and luggage handling were also in the unsecured bucket. Security researchers were able to identify unstripped .EXIF data in the photographs, providing the date and time that they were taken as well as geographical location of the photograph in some cases.
Read More: Unsecured AWS server exposed 3TB in airport employee records
Related Reading:
Black Swans and Gray Rhinos
Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis
Explore OODA Research and Analysis
Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop
Decision Intelligence
The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence
Disruptive/Exponential Technology
We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech
Security and Resiliency
Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency
Community
The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community