The personal details of thousands of US defence contractors have been accidentally leaked by a digital consultancy. The employees’ information was exposed due to yet another cloud infrastructure error.
Names, phone numbers, home addresses and email addresses of over 6,000 Boeing staff, including government relations staff and senior executives, were accidentally exposed by Washington DC-based IMGE. Some of the contractors had apparently been working on very secretive technologies.
A Boeing spokesperson said: “This information was exposed as a result of human error by the website’s vendor. Boeing takes cybersecurity and privacy seriously and we require our vendors to protect the data entrusted to them. We are closely monitoring the situation to ensure that the error is resolved quickly.”
The information that was released had apparently been gathered by IMGE from Watch Us Fly, a website committed to “advancing and protecting American aerospace and manufacturing.”
According to reports, Watch Us Fly asks its supporters to leave their contact details in order to receive information on future campaigns and to direct their demands for funding of Boeing projects to the right lawmakers. Infosecurity could not confirm this, however, as the site is blocked in the UK.
It is not clear how long the data was exposed in the Amazon S3 bucket; however, Boeing employees made up only a tiny portion of the 50,000 individuals whose information was released.
Because many users are not familiar with cloud security settings and best practices, it is not uncommon for misconfigurations to occur in the cloud, said Chris DeRamus, CTO of DivvyCloud.
“It is especially concerning that the database contained information about 6,000 Boeing employees, many of whom are heavily involved with the US government and military, as the exposed data is more than enough information for cyber-criminals to launch highly targeted attacks against those impacted to gain more confidential government information,” he added.
“Companies who manage large amounts of sensitive data, especially data related to government and military personnel, need to be proactive in ensuring their data is protected with proper security controls. Companies must adopt robust security strategies that are appropriate and effective in the cloud at the same time they adopt cloud services – not weeks, months, or years later.”