Follow us:
  1. Home
  2. News
  3. Cybersecurity News

Security firm finds cache of birth certificate applications exposed online

The data reportedly had no password protection and an ‘easy-to-guess’ web address

Photo
Photo (c) anyaberkut - Getty Images
An online company that enables U.S. residents to obtain a copy of their birth certificate has exposed nearly 800,000 applications, according to Fidus Information Security

“More than 752,000 applications for copies of birth certificates were found on an Amazon Web Services (AWS) storage bucket,” according to TechCrunch, which verified the discovery of the UK-based security firm. “The bucket wasn’t protected with a password, allowing anyone who knew the easy-to-guess web address access to the data.” 

TechCrunch didn’t disclose the name of the company in question in order to protect the privacy of those who used the service. 

The applications involved in the exposure dated back to 2017 and contained information like the applicant's name, their date of birth, current home address, email address, and phone number. They also included other personal information, such as previous addresses and names of family members.

TechCrunch said that as many as 9,000 new applications have been added on a daily basis since it started looking into the exposure. 

Company hasn’t responded

Attempts to notify the company of the privacy issue have allegedly been met with “only automated emails” and no action so far. Amazon said it would also notify the company of the privacy issue, but officials added that they can’t take direct action to resolve the matter.

The safety of consumers’ online data has been called into question numerous times over the past several years. Earlier this year, investigators found that the medical data of around 5 million U.S. consumers could be easily accessed online

Last month, a privacy suit was filed against Amazon’s cloud division alleging the company “obtains and stores biometric data on behalf of its customers.” 

A report published in June by Comparitech estimated that there have been roughly 9,700 reported breaches involving over 10.7 billion records since 2008. 

Share your comments