Researchers have discovered that the personal information of over 17,000 yachting industry professionals has been exposed online after a data breach. Crew and Concierge Limited based in the UK, an international recruitment agency, was notified about the exposed personal information of workers affecting individuals of about 50 nationalities.
Jake Moore, a Cybersecurity expert at ESET admitted that the exposed personal information can do a lot of damages to victims. According to him, the expose of names and emails alone can put victims at risk of severe damages, and the addition of other sensitive data can increase the risk exponentially.
Image Source: www.vox.com
The report reveals that a server was found exposed on misconfigured unsecured Amazon Web Service S3 bucket. The server consisted of more than 90,000 files and was exposed on the internet since February 2019 without any password. It was then discovered that the files contained information of the Crew members and the Concierge’s books. Just as it is done with any discovery, the Crew and Concierge Limited was notified of the exposed personal information, and within an hour, they secured the bucket. Though there is a possibility that the personal information has been accessed, Crew and Concierge Limited claimed there is no evidence.
Some of the exposed data include the names of the individuals, phone numbers, nationality, date of birth, visas held, work history, email addresses, and their professional qualifications according to the report.
It was also reported that the resume or CV of all the individuals was exposed as well. Including the exposed documents were over 500 scans of Visas, 1295 scanned copies of passport and 1000 seafarer medical certificates. Out of the 1295 scanned passport, 1000 are still valid according to the report released by the researchers.
The researchers also admitted that a spokesperson of the Information Commissioner’s Office confirmed that they have received a report of a data breach and they are currently assessing the information provided.
Though Crew and Concierge Limited have clarified that the researchers have not submitted any evidence that the exposed personal information has been accessed, the possible scenario of what can happen if such data gets into the wrong hands was explained by Moore. According to him, the access to driver’s license and passport will put victims at risk of identity fraud. He added that if the exposed criminal records also get into the hands of bad people, there is a higher risk of facing extortion. If they end up on the dark web, it becomes a very difficult task and, may create a lot of inconvenience for the victims.
Though most of the affected victims are traced to 50 different countries, Australia, South Africa and UK nationals were the most affected. A portion of the affected individuals had 10 different documents exposed including a letter of reference from previous employers, specialist qualification and a few others. 1419 medical certificates which include hearing and vision health, and also, drug test results of the affected victims were exposed in addition to their full names, passport numbers, and date of births. There were military service records with eight from the navies according to the report.
There were a lot of professional certificates such as first aid and fire prevention qualification, personal survival as well as over 500 licenses of maritime and driver’s license.
It is possible that the Crew and Concierge Limited would be fined by the Information Commissioner’s Office under the GDPR. They may be fined of either a €20 million or 4% of the annual revenue. Misconfigured cloud servers are usually secured by default. However, they have been the common source of data breaches in recent times. It is important for companies that keep personal Information of employers and customers to take cybersecurity seriously and to ensure that the data is secured. It is the responsibility of companies to protect such sensitive information as cybercriminals are constantly searching for vulnerabilities or exposed data on the internet.
Image Source: www.fortune.com
The Yachting industry has been a primary target of hackers in recent times with the Royal Yachting Association announcing a similar incident. According to them, a database that was created in 2015 was accessed by third parties. The stolen information included names, email addresses and hashed passwords. This has called for advice for individuals to use different passwords on different websites to minimize the impact when cybercriminals get access to their credentials.
Hackers mostly take advantage of vulnerabilities and punish companies who pay less attention to cybersecurity. It is therefore important for companies and individuals to invest in cybersecurity, and update any security software to stand the chance against the attack of hackers. Crew and Concierge Limited has embarked on a comprehensive investigation with the relevant authorities.
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation to the reliance on or usage of any content, goods or services mentioned in this article.